From rforno at infowarrior.org Tue Apr 1 13:29:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Apr 2014 14:29:03 -0400
Subject: [Infowarrior] - NSA performed warrantless searches on Americans' calls and emails – Clapper
Message-ID: <8C51D20B-89A0-477B-8348-3BD9F329C5DD@infowarrior.org>

(c/o ferg)

NSA performed warrantless searches on Americans' calls and emails – Clapper

• Spencer Ackerman in Washington and James Ball in New York
• theguardian.com, Tuesday 1 April 2014 12.48 EDT

http://www.theguardian.com/world/2014/apr/01/nsa-surveillance-loophole-americans-data

US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans' communications.

The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.

Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed for the first time the use of this legal authority to search for data related to "US persons".

"There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States," Clapper wrote in the letter, which has been obtained by the Guardian.

"These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment."

The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a "backdoor search loophole."

Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole.
These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.

Clapper did not disclose how many warrantless searches had been performed by the NSA.

Confirmation that the NSA has searched for Americans' communications in its phone call and email databases complicates President Barack Obama's initial defenses of the broad surveillance in June.

"When it comes to telephone calls, nobody is listening to your telephone calls. That's not what this program's about," Obama said. "As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people's names, and they're not looking at content."

Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans' phone calls and emails.

At a recent hearing of the Privacy and Civil Liberties Oversight Board, administration lawyers defended their latitude to perform such searches. The board is scheduled to deliver a report on the legal authority under which the communications are collected, Section 702 of the Foreign Intelligence Surveillance Act (Fisa), passed in 2008.

In December 2012, Wyden and Colorado Democrat Mark Udall failed to persuade their fellow Senate intelligence committee members to prevent such warrantless searches during the re-authorisation of the 2008 Fisa Amendments Act, which wrote Section 702 into law.

Dianne Feinstein, the California Democrat who chairs the committee, defended the practice, and argued that it did not violate the act's "reverse targeting" prohibition on using NSA's vast powers to collect content on Americans.
"With respect to analysing the information lawfully collected under Section 702, however, the intelligence community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession," Feinstein said in December 2012.

"The Department of Justice and the intelligence community reaffirmed that any queries made of Section 702 data will be conducted in strict compliance with applicable guidelines and procedures, and do not provide a means to circumvent the general requirement to obtain a court order before targeting a US person under Fisa."

Clapper referred to that debate in his letter to Wyden, which came in response to the senator's request in January for a public answer on whether the NSA had in fact conducted such searches.

"As you know, when Congress reauthorized Section 702, the proposal to restrict such queries was specifically raised and ultimately not adopted," Clapper wrote.

Much of the NSA's bulk data collection is covered by section 702 of the Fisa Amendments Act. This allows for the collection of communications – content and metadata alike – without individual warrants, so long as there is a reasonable belief the communications are both foreign and overseas.

The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection".

Initially, NSA rules on such data prevented the databases being searched for any details relating to "US persons" – that is, citizens or residents of the US. However, in October 2011 the Fisa court approved new procedures which allowed the agency to search for US person data, a revelation contained in documents revealed by Snowden.
The ruling appears to give the agency free access to search for information relating to US people within its vast databases, though not to specifically collect information against US citizens in the first place. However, until the DNI's disclosure to Wyden, it was not clear whether the NSA had ever actually used these powers.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 2 06:18:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Apr 2014 07:18:54 -0400
Subject: [Infowarrior] - Saudi Arabia: New Terrorism Regulations Assault Rights
Message-ID: <093C23F4-1F92-481F-B991-C763D54CFCCD@infowarrior.org>

Saudi Arabia: New Terrorism Regulations Assault Rights
Campaign to Silence Peaceful Activists
March 20, 2014

http://www.hrw.org/news/2014/03/20/saudi-arabia-new-terrorism-regulations-assault-rights

(Beirut) – Saudi Arabia's new terrorism law and a series of related royal decrees create a legal framework that appears to criminalize virtually all dissident thought or expression as terrorism. The sweeping provisions in the measures, all issued since January 2014, threaten to close down altogether Saudi Arabia's already extremely restricted space for free expression.

< - >

The interior ministry regulations include other sweeping provisions that authorities can use to criminalize virtually any expression or association critical of the government and its understanding of Islam. These "terrorism" provisions include the following:

• Article 1: "Calling for atheist thought in any form, or calling into question the fundamentals of the Islamic religion on which this country is based."
• Article 2: "Anyone who throws away their loyalty to the country's rulers, or who swears allegiance to any party, organization, current [of thought], group, or individual inside or outside [the kingdom]."
• Article 4: "Anyone who aids ['terrorist']
organizations, groups, currents [of thought], associations, or parties, or demonstrates affiliation with them, or sympathy with them, or promotes them, or holds meetings under their umbrella, either inside or outside the kingdom; this includes participation in audio, written, or visual media; social media in its audio, written, or visual forms; internet websites; or circulating their contents in any form, or using slogans of these groups and currents [of thought], or any symbols which point to support or sympathy with them."
• Article 6: "Contact or correspondence with any groups, currents [of thought], or individuals hostile to the kingdom."
• Article 8: "Seeking to shake the social fabric or national cohesion, or calling, participating, promoting, or inciting sit-ins, protests, meetings, or group statements in any form, or anyone who harms the unity or stability of the kingdom by any means."
• Article 9: "Attending conferences, seminars, or meetings inside or outside [the kingdom] targeting the security of society, or sowing discord in society."
• Article 11: "Inciting or making countries, committees, or international organizations antagonistic to the kingdom."

These broad provisions contain language that prosecutors and judges are already using to prosecute and convict independent activists and peaceful dissidents, Human Rights Watch said.

< - >

Article 32 of the Arab Charter on Human Rights, to which Saudi Arabia is party, guarantees the right to freedom of opinion and expression, and to impart news to others by any means. Article 28 guarantees the rights to peaceful assembly and association. While protecting public order and national security are recognized in international human rights law as legitimate purposes for limiting certain rights under narrow and clearly-defined circumstances, vague and overly broad legal provisions cannot be the basis for overriding a broad array of fundamental rights.
Provisions of Saudi Arabia's new terrorism regulations that deny any ability to exercise basic rights of peaceful assembly, association, and expression greatly exceed any notion of justifiable restrictions, Human Rights Watch said.

Commenting on article 6 of the regulation, one activist told Human Rights Watch on March 12: "Just talking to you now is considered terrorism – I could be prosecuted as a terrorist for this conversation."

From rforno at infowarrior.org Wed Apr 2 06:19:25 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Apr 2014 07:19:25 -0400
Subject: [Infowarrior] - Shame On Nature: Academic Journal Demanding Researchers Waive Their Own Open Access Policy
Message-ID: <92B8470A-B0EF-4E81-9A85-310312CCE0AF@infowarrior.org>

Shame On Nature: Academic Journal Demanding Researchers Waive Their Own Open Access Policy

http://www.techdirt.com/articles/20140329/07301426726/shame-nature-academic-journal-demanding-researchers-waive-their-own-open-access-policy.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 2 06:19:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Apr 2014 07:19:31 -0400
Subject: [Infowarrior] - NSA water records to be released in Utah
Message-ID: <79A7229F-8BE1-4AFA-A3EB-34F0D4A1A736@infowarrior.org>

Victory! NSA water records to be released in Utah

http://tenthamendmentcenter.com/2014/03/31/victory-nsa-water-records-to-be-released-in-utah/

The Journey of 1000 Miles Begins with a Single Step

This month, the Utah State Records Committee ruled that the City of Bluffdale must release water records pertaining to the massive NSA data center located there. Salt Lake City Tribune reporter Nate Carlisle pursued the information, and his success shows how a series of small, seemingly insignificant actions can lead to a major victory.

The committee voted unanimously to require the city to make details of the NSA's water use public last week.
"We felt the law was on our side," Carlisle told KUTV News. "We also felt there was a public interest in knowing how much water the NSA is using in Utah, so Utahns are informed about the role of the NSA in their state."

The city of Bluffdale and the NSA were both initially unwilling to give up the details about their arrangement. Water usage estimates range between 1.2 and 1.7 million gallons of water per day, but the NSA was very ambiguous regarding the specific figure, insisting it was a matter of "national security."

Carlisle submitted a letter to the Utah State Records Committee requesting information about the NSA's water use. In it, he talked about the tedious process he underwent to obtain the records from obstinate city officials. He also complained of excessive fees charged by the city of Bluffdale during his request. Carlisle pointed out that the water records do not belong to the NSA, and instead belong to the public. The committee ultimately forced Bluffdale to give up the records and reduce the fees.

This decision represents a huge win for the efforts to thwart NSA spying at the state and local level. The NSA's Bluffdale center sits smack in the middle of a desert, and it pays a discounted rate for water. That fact will not sit well with Utahns keenly aware of their limited water resources.

Utah Rep. Marc Roberts officially introduced the 4th Amendment Protection Act this year to prohibit material support to the NSA for its unconstitutional spying. The legislation would begin the process of ending the NSA's sweetheart deal with the city and cut it off from the resources it desperately needs to conduct its illegal spying operation.

The legislative proposal was referred to an interim study committee, and the Utah House will likely consider it next session after public hearings. And now, the exact nature of the NSA's water use will be part of the discussion.
Public disclosure of NSA water use may well serve as the impetus for the state legislature to take bold action against the NSA.

The victory demonstrates just how much impact the OffNow Campaign can and will have. Many tend to evaluate efforts only on the big wins – in the short term. Some will call the entire effort a failure if at least one state doesn't pass a Fourth Amendment Protection Act this legislative session. But the campaign has already made significant progress, even if nothing else develops this session.

Consider the small steps that led to the Utah State Records Committee decision. First there were countless hours of research that identified how the NSA depends on state support. Then there was the work to draft the model legislation. We spent hours cobbling together a coalition, developing the website, launching a petition at change.org, and creating the Turn it Off video. Each one of these small steps built on the last and ultimately drove an honest reporter to want to know more.

None of this would have happened if a few people hadn't decided to take action. The journey of 1000 miles begins with a single step.

And the march will continue to gather momentum. As the public receives more accurate information about the NSA, it will undoubtedly demand more ways to fight back against the spy agency. The OffNow coalition has a plan which empowers local activists to circumvent Washington D.C. and take matters into their own hands. This is the path to "reform" and stopping the NSA's unconstitutional behavior.

Thanks to brave reporters like Nate Carlisle, our campaign now has a greater chance of protecting the 4th Amendment against federal violations.

One step at a time.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Apr 2 08:11:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Apr 2014 09:11:32 -0400
Subject: [Infowarrior] - The NCAA Took Away My Cat Mug
Message-ID:

The NCAA Took Away My Cat Mug
Amid All of the Questions Confronting College Sports, a Mug Gets Confiscated

By Jason Gay
Updated April 1, 2014 10:28 a.m. ET

http://online.wsj.com/news/articles/SB10001424052702304157204579473352891772622

The following is a true story. It actually happened. It is NOT an April Fools' joke.

This is a story about a cat mug. It is a good-sized cat mug, with room for about 12 ounces of a beverage, and it features 11 illustrations of domestic cats in various poses, including "chase," "sit," "beg," "down" and "fetch." If you do not think that a cat can fetch, you have not been spending enough time with cats. The mug is made by the company Fishs Eddy and it cost me $16.95. You might think that is a lot to spend on cat mug, but then again, it's a pretty awesome cat mug.

On Sunday I was one of the many thousands who attended the NCAA tournament East regional final at Madison Square Garden between Connecticut and Michigan State. College basketball can be a lot of fun, but the NCAA can be a bit of a trip. Like other people in the media, I have been amused for a while at a strictly enforced NCAA policy regarding cups. As in paper cups. The NCAA forbids outside cups at tournament games. It requests that beverages are consumed in official NCAA cups with a logo of a Prominent Hydration Drink. It takes this rule seriously; there are a lot of jokes about the Cup Police, and at the floor-level entrances to the court there are signs in capital letters that remind you of this rule.

ONLY NCAA CUPS ALLOWED BEYOND THIS POINT, the sign reads. Next to the sign, there's a stack of NCAA cups with the Prominent Hydration Drink logo, ready for your obedient use.

This is where the cat mug comes in.
I'll say it right up front: I was not innocently wandering into the Garden with a cat mug. I felt the NCAA cup rule was pretty funny, and a bit ridiculous, so I wanted to wage a tiny protest against the NCAA by bringing my kitty cat beverage holder to the game. I knew it was against NCAA regulations, and I also knew that my credential to cover the game was based upon my agreeing to adhere to NCAA policy. Rules are rules, and if you're going to go to somebody's game, you have to play by the host's rules.

Still: It was a cat mug. And who doesn't love a cat mug?

The other thing is that we're living in a rebellious moment in which there are a lot of important questions about the way the NCAA does business, and whether or not it is fair to college sports and especially college athletes. No one disputes that college sports have become a big business: The TV contract for the tournament is an astonishing $10.8 billion, coaches make millions, apparel companies pay to outfit teams and title celebrations. Everybody seems to be getting a buck, except the athletes, who sell tickets, drive ratings and move merchandise–but, outside of scholarships, are not allowed to share in the bounty they help generate, and there are a great many rules, some of them as petty as no non-NCAA cups, designed to prevent this. Even charging for your own signature is a no-no (ask Johnny Manziel).

To the public, this restrictive environment is looking increasingly silly and outmoded. Just the other day a National Labor Relations Board regional director ruled that Northwestern football players had a right to form a union. Why? Because playing college football is such a full-time job, these players were effectively employees–athletes first, students second. It might not be as serious as a sponsored paper cup, but this seems like a major development.

And this was on my mind as I arrived at MSG with the cat mug. I tweeted out a photo of my mug next to the scary NCAA cup sign.
Then I went to my seat, and to make it official, I put a little of the Prominent Hydration Drink in the cat mug. I tweeted another photo of the cat mug at my press table.

Foolish? Sure. A dare? You could say that.

And then I began watching the game, which, by the way, was a fantastic game, UConn rallying to unseat powerful Michigan State before a delirious home crowd at the Garden. And the cat mug went unbothered for pretty much the whole game. Until about four minutes left, when action on the court was getting intense, and a member of the tournament's staff came by and inquired about the cup. The staffer made a couple of jokes–I think they were jokes, it was really noisy in the Garden–and I honestly thought he was going to let the whole thing slide (so did my colleague to the left of me, Star-Ledger columnist Steve Politi). Then I was asked if the Journal intended to cover the Final Four next weekend, and I said that, yes, I believed the Journal intended to cover the Final Four. I still was hanging onto the idea that this whole thing was a joke.

Then the cat mug was requested. As in, they wanted the cat mug.

And what I wanted to say was: I refuse to give you this cat mug, because this cat mug is a protest of what I see as the hypocrisy of big-time college athletics in this country, where an urge to reap every possible dollar has undermined a beautiful endeavor. And even if it means spending the rest of my life in NCAA jail, being forced to watch replays of the Beef 'O' Brady's Bowl, you will never get my cat mug. And then I would elegantly hop over the table and run onto the court, briefly disrupting the game, while giving courtside cat-mug high-fives to Verne Lundquist and Bill Raftery.

But what I actually said was something like: Uh, OK.

And I handed over the mug. I sheepishly poured the remaining sips of the Prominent Hydration Drink into an NCAA cup, and surrendered. Perhaps the weakest act of civil disobedience ever.

I did get it back.
After the game, I was politely allowed to recover and reunite with my cat mug. Eleven cats and I left the Garden, with a parade of jubilant Huskies fans. The mug had dinner with me on the Lower East Side Sunday night and coffee Monday morning.

The NCAA remains the NCAA, rich and conflicted, chasing strange infractions, and it's important to state that no cats were harmed in the making of this column. The Final Four is this weekend: Wisconsin, Florida, UConn, Kentucky, the grand finale of a far-reaching, multibillion-dollar NCAA operation. Badgers, Gators, Huskies–and Cats.

Your mugs have been warned.

Write to Jason Gay at Jason.Gay at wsj.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 3 05:51:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Apr 2014 06:51:37 -0400
Subject: [Infowarrior] - The House (anti) Science Committee
Message-ID:

The Curious Wavefunction

The House of Representatives Committee on Science is turning into a national embarrassment

By Ashutosh Jogalekar | March 31, 2014 | 16

A few days back I wrote a post explaining why I am all for private support of basic science, especially in an age when government funding and support is flagging. My feelings were simply reinforced when I came across this news piece documenting the shameful behavior of Republican members of the House Committee on Science, Space and Technology in denying climate change and harassing John Holdren, President Obama's science advisor.

The debacle was part of a hearing in which the members were supposed to discuss the upcoming 2015 budget with Holdren. Instead the proceedings turned into a mixture of hostile heckling and insulting sarcasm. This was black comedy that would have been mildly humorous had it not been real.
The Republican members of the committee made it clear that not only do they lack the slightest interest in addressing climate change but they are about as ignorant about the nuances of science as a stone. Leading the charge was Texas congressman Randy Weber ....

< -- >

http://blogs.scientificamerican.com/the-curious-wavefunction/2014/03/31/the-house-of-representatives-committee-on-science-is-turning-into-a-national-embarrassment/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 3 17:26:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Apr 2014 18:26:37 -0400
Subject: [Infowarrior] - DOJ Flips Out That Evidence Gathered Via FISA Orders Might Be Made Available To Defendants
Message-ID: <0F60DF32-8718-4C34-81AB-B754A46A8E3F@infowarrior.org>

DOJ Flips Out That Evidence Gathered Via FISA Orders Might Be Made Available To Defendants

http://www.techdirt.com/articles/20140402/12194426777/doj-flips-out-that-evidence-gathered-via-fisa-orders-might-be-made-available-to-defendants.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 3 17:27:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Apr 2014 18:27:42 -0400
Subject: [Infowarrior] - Mozilla CEO Eich resigns after gay-marriage controversy
Message-ID:

Mozilla CEO Eich resigns after gay-marriage controversy

Brendan Eich steps down following calls for his ouster over his support for California's anti-gay marriage Proposition 8.

• by Seth Rosenblatt
• April 3, 2014 12:13 PM PDT

http://www.cnet.com/news/mozilla-ceo-eich-resigns-after-controversy/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Apr 3 19:50:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Apr 2014 20:50:48 -0400
Subject: [Infowarrior] - Obama's NSA overhaul may require phone carriers to store more data
Message-ID: <275D30FF-C032-41C5-B93C-B0955852C4BB@infowarrior.org>

Obama's NSA overhaul may require phone carriers to store more data

By Mark Hosenball and Alina Selyukh
WASHINGTON Thu Apr 3, 2014 6:46pm EDT

http://www.reuters.com/article/2014/04/03/us-usa-security-obama-idUSBREA3228O20140403

(Reuters) - President Barack Obama's plan for overhauling the National Security Agency's phone surveillance program could force carriers to collect and store customer data that they are not now legally obliged to keep, according to U.S. officials.

One complication arises from the popularity of flat-rate or unlimited calling plans, which are used by the vast majority of Americans.

While the Federal Communications Commission requires phone companies to retain for 18 months records on "toll" or long-distance calls, the rule's application is vague for subscribers of unlimited phone plans because they do not get billed for individual calls.

That could change if the Obama administration pushes through with a proposal to require carriers - instead of the NSA - to collect and store phone metadata, which includes dialed numbers and call lengths but not the content of conversations.

Under the administration's proposal, the phone companies would be required to turn over the data to the NSA in response to a court-approved government request.

U.S. officials said the carriers might be forced to create new mechanisms to ensure that metadata from flat-rate subscribers could be monitored. They said these issues will require further discussion between the White House, Congress and industry.

"These are very complex systems," said one industry source familiar with data storage policies.
"I doubt there are companies out there that have a nice, neat, single database that can tell you how long records are kept universally." To great fanfare last month, the Obama administration unveiled a proposal to end the NSA's bulk collection of millions of records of phone calls. But the announcement glossed over key practical issues in implementing the new procedures. The potential gap in records for flat-rate subscribers, as well as the telecommunications companies' strong opposition to onerous data retention requirements, underscores the still-fluid nature of the NSA reforms. "We applaud these proposals to end Section 215 bulk collection, but feel that it is critical to get the details of this important effort right," Verizon Communications Inc General Counsel Randal Milch said in a blog post last week, referring to Section 215 of the Patriot Act, the law that authorized the NSA program. "At this early point in the process, we propose this basic principle that should guide the effort: the reformed collection process should not require companies to store data for longer than, or in formats that differ from, what they already do for business purposes," Milch wrote. Obama's proposal, whose full details have yet to be formally released, is a response to public outcry over revelations by former NSA contractor Edward Snowden about the spy agency's bulk collection of phone records. A senior Obama administration official said: "As questions arise with respect to the proposal, we look forward to working through them with Congress and relevant stakeholders." CHANGING BUSINESS NEEDS One former senior U.S. official said that because of the growing popularity of unlimited-calling plans, over the years the NSA program ended up collecting less and less of the metadata it was legally authorized to acquire. 
This former official, and a non-government expert who had access to details of the NSA program, said that the agency recently had only been collecting 25 percent to 33 percent of the total U.S. metadata it was authorized to collect. "The change in the nature of billing data means that there's a lot less such data than there used to be," said Stewart Baker, a former senior official at both the NSA and the Department of Homeland Security. Another former U.S. official said he believed phone companies were still obliged to supply the NSA with some kind of record of the metadata other than billing records. The NSA can request business records from phone companies, and carriers do generally keep some phone records for business purposes, such as to manage traffic flow in networks or monitor traffic exchanges with other carriers, said the first industry source. However, those databases are fluid, complex and rarely comprehensive, as they are driven by constantly changing network needs. And that has become a key concern for phone companies in the proposed changes to NSA surveillance. "It strips from us the ability to make business decisions as the technology evolves," the industry source said. "It would cause us to continue to collect stuff that we don't need." If NSA wants to search flat-rate subscribers' metadata, it would only be able to do so on calls going forward from the date that the search is requested, since no earlier data could easily be retrieved, officials said. Under the proposal, the NSA would have to get approval from the secret Foreign Intelligence Surveillance Court to examine phone data for information about calls made to or from a U.S. number. A bill drafted by the House Intelligence Committee would allow the NSA itself to directly request metadata from a phone company under a broad authorization from the FISA court. But the court would later be required to review metadata NSA collected to see if the spying had been legitimate. 
AT&T Inc declined to comment.

Sprint Corp said, "We are reviewing the Obama administration's proposal with great interest and look forward to seeing additional details."

(Editing by Warren Strobel and Tiffany Wu)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 6 13:09:39 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Apr 2014 14:09:39 -0400
Subject: [Infowarrior] - A veteran programmer explains how the stock market became "rigged"
Message-ID: <37B81701-7B5B-4572-8523-31C6142658B5@infowarrior.org>

A veteran programmer explains how the stock market became "rigged"

• By Max Ehrenfreund
• April 4 at 10:30 am

A small group of financial firms are using their technological superiority to skim the top off the market, Michael Lewis claims in his new book "Flash Boys." There's an increasingly heated debate over whether the practices, known as high-frequency trading, are harmful or helpful. Lewis, for his part, says the market is "rigged," and several federal agencies, including the Department of Justice, are now looking into what Charles Schwab recently labeled "a growing cancer."

Sophisticated and expensive computers allow high-frequency traders to take advantage of minuscule differences in price among the many exchanges where securities are bought and sold. Some firms pay to place their computers on the site of a stock exchange to be sure their access to price data is as fast as possible, a practice known as colocation; others will use technology to obscure their trading intentions for a few crucial thousandths of a second.

Lewis's book tells the story of Brad Katsuyama, a former trader at the Royal Bank of Canada in New York. Katsuyama opened a new stock exchange last year to give investors protection from HFT.

Lewis is not the first to cry foul on these strategies.
Eric Scott Hunsader, the founder of Nanex, has made himself immensely unpopular in some circles for his outspoken and persistent criticism of HFT, which he first encountered during the "flash crash" of 2010. Bloomberg called him the "nemesis" and "scourge" of the HFT world. I asked Hunsader to talk about the book, the new stock exchange, and his long career in financial technology. The conversation focused on the Securities and Exchange Commission ruling in 2007 that allowed what we now know as high-frequency trading. The transcript, edited for length and clarity, is below.

< - >

http://www.washingtonpost.com/blogs/wonkblog/wp/2014/04/04/a-veteran-programmer-explains-how-the-stock-market-became-rigged/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 7 06:07:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Apr 2014 07:07:34 -0400
Subject: [Infowarrior] - The "Cuban Twitter" Scam Is a Drop in the Internet Propaganda Bucket
Message-ID: <7C499998-F6AE-425B-88BC-796F56324C88@infowarrior.org>

The "Cuban Twitter" Scam Is a Drop in the Internet Propaganda Bucket
By Glenn Greenwald
4 Apr 2014, 6:15 PM EDT
https://firstlook.org/theintercept/2014/04/04/cuban-twitter-scam-social-media-tool-disseminating-government-propaganda/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 7 06:08:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Apr 2014 07:08:58 -0400
Subject: [Infowarrior] - Australian civil servants ordered to fink on colleagues who criticize gov't online
Message-ID: <9AA1D55E-FACA-4661-BB34-E6F05C52789E@infowarrior.org>

Australian civil servants ordered to fink on colleagues who criticize gov't online
Cory Doctorow at 8:00 pm Sun, Apr 6, 2014

Australia's far-right crybaby government is so terrified of civil servants criticizing its policies that it has ordered government employees to snitch on any colleagues who breathe an unhappy word about the politicians of the day online, even if the criticism is anonymous, because it is "unprofessional." Civil servants are also banned from editing Wikipedia in ways that make politicians and their policies look bad.

< - >

http://boingboing.net/2014/04/06/australian-civil-servants-orde.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 7 21:50:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Apr 2014 22:50:00 -0400
Subject: [Infowarrior] - Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
References: <20140408012740.GA3739@gsp.org>
Message-ID: <8513C5BD-821E-4B37-8DD2-6E0A875EAFCB@infowarrior.org>

Begin forwarded message:

> From: Rich Kulawiec
> Subject: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
> Date: April 7, 2014 at 9:27:40 PM EDT
>
> This reaches across many versions of Linux and BSD and, I'd presume,
> into some versions of operating systems based on them. OpenSSL is
> used in web servers, mail servers, VPNs, and many other places.
>
> Writeup:
> Heartbleed: Serious OpenSSL zero day vulnerability revealed
> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
>
> Technical details:
> Heartbleed Bug
> http://heartbleed.com/
>
> OpenSSL versions affected (from link just above):
>
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable (released today, April 7, 2014)
> OpenSSL 1.0.0 branch is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
> Note that you can discern your OpenSSL version via:
>
> openssl version
>
> ---rsk
>

From rforno at infowarrior.org Tue Apr 8 06:23:38 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Apr 2014 07:23:38 -0400
Subject: [Infowarrior] - The ONE Revelation About HFT Programs That Truly Scares Bankers
Message-ID: <6DB2EA71-146F-4819-8D69-2E0E2E9D549E@infowarrior.org>

(I don't normally post ZH stuff but this article hits pretty close to home -- I've seen the effects of these algo-antics firsthand over the years in the futures markets. I'm fine w/speed of trading execution ... but I am opposed to flat-out deception and manipulation of market realities. Indeed, with HFTs, the notion of objective price discovery and "true value" is dead.. --rick)

The ONE Revelation About HFT Programs That Truly Scares Bankers (It's Not Stock Market Rigging)
http://www.zerohedge.com/contributed/2014-04-08/one-revelation-about-hft-programs-truly-scares-bankers-its-not-stock-market-r

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 8 06:31:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Apr 2014 07:31:09 -0400
Subject: [Infowarrior] - Porn site that spews copyright suits uses lie detectors on defendants
Message-ID:

(I can see these TROLLS monetising video of their polygraph sessions via a collection of DVDs entitled "Embarrassing Pirate Moments" or some-such.
But then again, they heard "poly" in the word "polygraph" and probably got the wrong idea to begin with anyway. --rick)

Porn site that spews copyright suits uses lie detectors on defendants
Malibu Media fights "copyright troll" label, reveals data about its caseload.
http://arstechnica.com/tech-policy/2014/04/porn-site-that-spews-copyright-suits-uses-lie-detectors-on-defendants/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 8 06:35:46 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Apr 2014 07:35:46 -0400
Subject: [Infowarrior] - Kim Dotcom faces massive lawsuit by big-name Hollywood studios
Message-ID:

(I wonder how much $$$ MPAA is claiming in debilitating losses during yet another banner year for the box office....because clearly their industry is suffering with such lackluster sales, right? --rick)

Kim Dotcom faces massive lawsuit by big-name Hollywood studios
20th Century Fox, Disney, Paramount, Universal, Columbia and Warner Bros go to court claiming Megaupload copyright breach
Australian Associated Press
theguardian.com, Monday 7 April 2014 23.55 EDT
http://www.theguardian.com/world/2014/apr/08/kim-dotcom-faces-massive-lawsuit-by-big-name-hollywood-studios

Six major Hollywood film studios have filed a massive copyright infringement lawsuit against Kim Dotcom and his now defunct file-sharing website, Megaupload. The Motion Picture Association of America (MPAA) said on Tuesday that 20th Century Fox, Disney, Paramount, Universal, Columbia Pictures and Warner Bros had filed the action in a US court. It is alleged Megaupload and its key operators -- including Dotcom, who operates out of New Zealand -- facilitated, encouraged and profited from massive copyright infringement of movies and television shows before the website was shut down by US authorities in January 2012.
"Megaupload was built on an incentive system that rewarded users for uploading the most popular content to the site, which was almost always stolen movies, TV shows and other commercial entertainment content," said Steven Fabrizio, senior executive vice president and global general counsel of the MPAA.

"It paid users based on how many times the content was downloaded by others and didn't pay at all until that infringing content was downloaded 10,000 times.

"Megaupload wasn't a cloud storage service at all; it was an unlawful hub for mass distribution."

Dotcom responded to news of the lawsuit on Twitter, saying the MPAA case "is a load of nonsense and won't succeed after scrutiny of the facts". Dotcom is already facing extradition from New Zealand to the US on charges of copyright infringement, money laundering and racketeering relating to Megaupload.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 8 18:13:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Apr 2014 19:13:41 -0400
Subject: [Infowarrior] - Snowden Speaks: A Vanity Fair Exclusive
Message-ID: <9CCCF588-4F1D-40BC-A463-1A79E6FA86D1@infowarrior.org>

Snowden Speaks: A Vanity Fair Exclusive
http://www.vanityfair.com/online/daily/2014/04/edward-snowden-interview

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 11 10:32:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Apr 2014 11:32:36 -0400
Subject: [Infowarrior] - Friday Humour: Legislative Snark
Message-ID: <591BC1DE-E9A1-478C-ADE6-202CC78FF3B1@infowarrior.org>

Tom Coburn, a long-time combatant of government waste and fraud who publishes a yearly report exposing the worst of worst in terms of senseless government spending (the "Wastebook") is now using the GAO's own words to craft a bill targeting the money pit that is the National Technical Information Service (NTIS).

< -- >

SECTION 1. SHORT TITLE. This Act may be cited as the 'Let Me Google That For You Act.'

< - >

http://www.techdirt.com/articles/20140410/15592326873/sen-coburn-offers-to-put-outdated-agency-out-its-misery-with-his-let-me-google-that-you-bill.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 11 14:05:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Apr 2014 15:05:03 -0400
Subject: [Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years
Message-ID: <7B4BD5E8-0AED-49F5-BB17-C14EF912D24E@infowarrior.org>

NSA Said to Have Used Heartbleed Bug, Exposing Consumers
By Michael Riley
Apr 11, 2014 2:58 PM ET
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government's top computer experts. Heartbleed appears to be one of the biggest glitches in the Internet's history, a flaw in the basic security of as many as two-thirds of the world's websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems. Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations'
intelligence arms and criminal hackers.

Controversial Practice

"It flies in the face of the agency's comments that defense comes first," said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. "They are going to be completely shredded by the computer security community for this." Vanee Vines, an NSA spokeswoman, declined to comment on the agency's knowledge or use of the bug. Experts say the search for flaws is central to NSA's mission, though the practice is controversial. A presidential board reviewing the NSA's activities after Edward Snowden's leaks recommended the agency halt the stockpiling of software vulnerabilities. The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets. The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development.

Free Code

While many Internet companies rely on the free code, its integrity depends on a small number of underfunded researchers who devote their energies to the projects. In contrast, the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified. The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency's toolkit for stealing account passwords and other common tasks. The NSA has faced nine months of withering criticism for the breadth of its spying, documented in a rolling series of leaks from Snowden, who was a former agency contractor. The revelations have created a clearer picture of the two roles, sometimes contradictory, played by the U.S.'s largest spy agency.
The NSA protects the computers of the government and critical industry from cyberattacks, while gathering troves of intelligence attacking the computers of others, including terrorist organizations, nuclear smugglers and other governments.

Serious Flaws

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization. "If you combine the two into one government agency, which mission wins?" asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. "Invariably when this has happened over time, the offensive mission wins." When researchers uncovered the Heartbleed bug hiding in plain sight and made it public on April 7, it underscored an uncomfortable truth: The public may be placing too much trust in software and hardware developers to insure the security of our most sensitive transactions. "We've never seen any quite like this," said Michael Sutton, vice president of security research at Zscaler, a San Jose, California-based security firm. "Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense."

Flawed Protocol

The potential stems from a flaw in the protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker. Questions remain about whether anyone other than the U.S. government might have exploited the flaw before the public disclosure. Sophisticated intelligence agencies in other countries are one possibility.
If criminals found the flaw before a fix was published this week, they could have scooped up troves of passwords for online bank accounts, e-commerce sites, and e-mail accounts across the world. Evidence of that is so far lacking, and it's possible that cybercriminals missed the potential in the same way security professionals did, suggested Tal Klein, vice president of marketing at Adallom, in Menlo Park, California.

Ordinary Data

The fact that the vulnerability existed in the transmission of ordinary data -- even if it's the kind of data the vast majority of users are concerned about -- may have been a factor in the decision by NSA officials to keep it a secret, said James Lewis, a cybersecurity senior fellow at the Center for Strategic and International Studies. "They actually have a process when they find this stuff that goes all the way up to the director" of the agency, Lewis said. "They look at how likely it is that other guys have found it and might be using it, and they look at what's the risk to the country." Lewis said the NSA has a range of options, including exploiting the vulnerability to gain intelligence for a short period of time and then discreetly contacting software makers or open source researchers to fix it.

SSL Protocol

The SSL protocol has a history of security problems, Lewis said, and is not the primary form of protection governments and others use to transmit highly sensitive information. "I knew hackers who could break it nearly 15 years ago," Lewis said of the SSL protocol. That may not soothe the millions of users who were left vulnerable for so long. Following the leaks about NSA's electronic spying, President Barack Obama convened a panel to review the country's surveillance activities and suggest reforms. Among the dozens of changes put forward was a recommendation that the NSA quickly move to fix software flaws rather than exploit them, and that they be used only in "rare instances" and for short periods of time.
Currently, the NSA has a trove of thousands of such vulnerabilities that can be used to breach some of the world's most sensitive computers, according to a person briefed on the matter. Intelligence chiefs have said the country's ability to spot terrorist threats and understand the intent of hostile leaders would be vastly diminished if their use were prohibited.

To contact the reporter on this story: Michael Riley in Washington at michaelriley at bloomberg.net
To contact the editors responsible for this story: Sara Forden at sforden at bloomberg.net Winnie O'Kelley

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 11 14:27:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Apr 2014 15:27:00 -0400
Subject: [Infowarrior] - Appeals Court Reverses Weev Conviction For Incorrect Venue, Avoids Bigger CFAA Questions
Message-ID: <22713AB5-807B-4ED7-966E-AA35D1303FC6@infowarrior.org>

Appeals Court Reverses Weev Conviction For Incorrect Venue, Avoids Bigger CFAA Questions
http://www.techdirt.com/articles/20140411/09344626881/appeals-court-reverses-weev-conviction-incorrect-venue-avoids-bigger-cfaa-questions.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 11 14:34:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Apr 2014 15:34:52 -0400
Subject: [Infowarrior] - Dropbox faces online protests after appointing Condoleezza Rice to board
Message-ID: <07F40B15-EFD6-4FFA-A646-804FE497EA51@infowarrior.org>

(Note: for those who look for a privacy-supportive replacement to DropBox, consider SpiderOak. I'm a very happy customer.....and no, I'm not paid to say this or getting a kickback. --rick)

Dropbox faces online protests after appointing Condoleezza Rice to board
Cloud storage firm hails 'brilliant' former US secretary of state, but some users worried about pro-surveillance stance
Stuart Dredge
theguardian.com, Friday 11 April 2014 12.52 EDT
http://www.theguardian.com/technology/2014/apr/11/dropbox-condoleezza-rice-privacy-surveillance

Dropbox's decision to appoint former US secretary of state Dr Condoleezza Rice to the cloud storage service's board of directors has sparked a heated online row over her views on internet surveillance. Protesters have set up a website -- Drop Dropbox -- describing the appointment as "deeply disturbing" and encouraging people to switch to rival services if the company doesn't "drop" Rice. But supporters of Rice's appointment have also been making their views known on the blog post by Dropbox chief executive Drew Houston that announced the appointment. "When looking to grow our board, we sought out a leader who could help us expand our global footprint," wrote Houston. "Dr Rice has had an illustrious career as Provost of Stanford University, board member of companies like Hewlett Packard and Charles Schwab, and former United States Secretary of State. We're honored to be adding someone as brilliant and accomplished as Dr. Rice to our team." The anonymous creators of Drop Dropbox beg to differ, citing her role as US president George W Bush's national security advisor in the run-up to the last Iraq War; her past position as a director at energy company Chevron; and most controversially of all, her past defence of warrantless wiretaps on US citizens by the National Security Agency (NSA). "Given everything we now know about the US's warrantless surveillance program, and Rice's role in it, why on earth would we want someone like her involved with Dropbox, an organisation we are trusting with our most important business and personal data?," claims the site, which is encouraging people to post their agreement on Twitter and Facebook using the #DropDropbox hashtag.
"Condoleezza Rice should not be on the Board of Directors of Dropbox and her selection shows that Drew Houston and the senior management at Dropbox are ethically short-sighted." For her part, Rice has suggested that her experience will benefit Dropbox as it grapples with the privacy implications of the last year's revelations about surveillance by the NSA, GCHQ and other security agencies. "As a country, we are having a great national conversation and debate about exactly how to manage privacy concerns. I look forward to helping Dropbox navigate it," she told Bloomberg BusinessWeek. A number of supporters have defended her in the comments section of Houston's blog post, citing her race, gender and political views as welcome signs of diversity in Silicon Valley, although the debate is also -- perhaps inevitably -- splitting along political lines. Rice's appointment came alongside other changes at Dropbox, which also hired former Motorola boss Dennis Woodside as its new chief operating officer, revamped its Dropbox for Business service, and launched a standalone photo and video-sharing app called Carousel. Dropbox raised $250m of funding in January at a $10bn valuation, taking its total raised since 2007 to $607m. The company has 275 million people using its service, which enables them to store their files on its servers and access them from all their devices. The nature of its business means Dropbox has been one of the technology companies under scrutiny since the NSA revelations based on documents leaked by whistleblower Edward Snowden in 2013. Dropbox updated its privacy policy on 24 March to set out "Government Data Requests Principles" promising to be transparent about data requests from governments, fight blanket requests, protect users regardless of their location or nationality; and work to protect its systems from the kind of "backdoor" intrusions that have been revealed by the Snowden documents.
"Stewardship of your data is critical to us and a responsibility that we embrace," explains the company's privacy policy. "We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive." With questions around how wholeheartedly Dropbox can embrace those privacy responsibilities with Rice on its board, it remains to be seen how many of those 275m users will heed Drop Dropbox's call to flee to rivals including Box.com, Microsoft's OneDrive, SpiderOak and Google Drive.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 11 17:55:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Apr 2014 18:55:04 -0400
Subject: [Infowarrior] - DNI statement on NSA/OpenSSL allegations
Message-ID: <11BE6AFA-E09E-4D09-8012-F1F394CD0BAD@infowarrior.org>

Statement on Bloomberg News story that NSA knew about the "Heartbleed bug" flaw and regularly used it to gather critical intelligence
April 11, 2014
http://icontherecord.tumblr.com/post/82416436703/statement-on-bloomberg-news-story-that-nsa-knew

NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong. Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet.
If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL. When Federal agencies discover a new vulnerability in commercial and open source software -- a so-called "Zero day" vulnerability because the developers of the vulnerable software have had zero days to fix it -- it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose. In response to the recommendations of the President's Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

ODNI Public Affairs Office

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 12 18:29:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Apr 2014 19:29:20 -0400
Subject: [Infowarrior] - POTUS: U.S. Should Reveal, Not Exploit, Internet Security Flaws
Message-ID:

Obama Decides U.S. Should Reveal, Not Exploit, Internet Security Flaws
By DAVID E. SANGER
APRIL 12, 2014
http://www.nytimes.com/2014/04/13/us/politics/after-heartbleed-bug-obama-decides-us-should-reveal-internet-security-flaws.html

WASHINGTON -- Stepping into a heated debate within the nation's intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security it should -- in most circumstances -- reveal them to assure they get fixed, rather than stockpile them for use in espionage or cyberattacks, senior administration officials said Saturday. But Mr.
Obama carved a broad exception for "a clear national security or law enforcement need," the officials said, a loophole that is likely to allow the N.S.A. to continue to build a cyberarsenal that it can use both to crack encryption on the Internet or design cyberweapons. The White House has never publicly detailed Mr. Obama's decision, which he made in January as he launched a three-month-long review of recommendations by a presidential advisory committee on actions warranted in response to recent disclosures about the National Security Agency. But elements of it became evident on Friday when the White House denied that it had any prior knowledge of the "Heartbleed" bug, a new hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a "bias" in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers. Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a "reinvigorated" process to weigh the value of disclosing whenever a security flaw is discovered in the Internet against the value of keeping the discovery secret for later use by the intelligence community. "This process is biased toward responsibly disclosing such vulnerabilities," she said. Until now the White House has declined to describe Mr. Obama's action on this recommendation of his advisory committee, whose report is better known for its determination that the government get out of the business of collecting bulk telephone data about the calls made by every American. Mr. Obama announced last month that he would end the bulk collection, and leave the data in the hands of telecommunications companies, with a procedure for the government to obtain it with court orders.
But while the surveillance recommendations were noteworthy, inside the intelligence agencies other recommendations, concerning encryption and cyber operations, set off a roaring debate with echoes of the Cold War battles that dominated this city a half-century ago. One recommendation urged the N.S.A. to get out of the business of weakening commercial encryption systems or trying to build in "back doors" that would make it far easier for the agency to crack the communications of America's adversaries. Tempting as it was to create easy ways to break codes -- the reason the N.S.A. was established by Harry Truman 62 years ago -- the committee concluded that the practice would undercut trust in American software and hardware products. In recent months Silicon Valley companies have urged the United States to abandon such practices, especially as Germany and Brazil, among other nations, have said they were considering shunning American-origin equipment and software. Their motives were hardly pure: foreign competitors see the N.S.A. disclosures as a way to bar American companies. A second recommendation urged the government to make only the most limited, temporary use of what hackers call "zero days," the coding flaws in software like Microsoft Windows that can give an attacker access to a computer -- and any business, government agency or network connected to it. The flaws get their name from the fact that, when identified, "zero days" exist for the user of the computer system to fix them before hackers can take advantage of the accidental vulnerability. The N.S.A. used four "zero day" vulnerabilities in its attack on Iran's nuclear enrichment sites. That operation, code-named "Olympic Games," managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table. Not surprisingly, officials at the N.S.A.
and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit unknown vulnerabilities would amount to "unilateral disarmament" -- a phrase taken from the battles over whether and how far to cut America's nuclear arsenal. "We don't eliminate nuclear weapons until the Russians do," one senior intelligence official said recently. "You are not going to see the Chinese give up on 'zero days' just because we do." Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, "I can't imagine the president -- any president -- entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war." At the center of that technology are the kinds of hidden gaps in the Internet -- almost always made by mistake or oversight -- that "Heartbleed" created. There is no evidence that the N.S.A. had any role in creating "Heartbleed," or that it made use of it. When the White House denied knowledge of "Heartbleed" on Friday afternoon, it appeared to be the first time that the N.S.A. had ever said whether a flaw in the Internet was -- or was not -- in the secret library it keeps at Fort Meade, the headquarters of the agency and Cyber Command. But documents released by Edward J. Snowden, the N.S.A. leaker, make it clear that two years before "Heartbleed" came into being, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named "Bullrun," apparently named for the Civil War battle just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than "Heartbleed" at enabling access to secret data. The United States government has become one of the biggest developers and purchasers of "zero days," officials acknowledge. Those flaws are big business --
Microsoft pays up to $150,000 to those who find them and bring them to the company to fix -- and other countries are snatching them up so fast that building an arsenal of them has become something of a modern-day arms race. Chief among those nations seeking them are China and Russia, and the Iranians and North Koreans are also in the market.

"Cyber as an offensive weapon will become bigger and bigger," said Michael DeCesare, who runs the McAfee computer security operations of Intel Corporation. "I don't think any amount of policy alone will stop them," he said of the Russians, the Chinese and others, from doing what they are doing. "That's why effective command and control strategies are absolutely imperative on our side."

The presidential advisory committee did not urge the N.S.A. to get out of the business entirely. But it said that the president should make sure the N.S.A. does not "engineer vulnerabilities" into commercial encryption systems. And it said that if the United States finds a "zero day" it should patch it, not exploit it, with one exception: senior officials could "briefly authorize using a zero day for high priority intelligence protection."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 13 09:19:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Apr 2014 10:19:09 -0400
Subject: [Infowarrior] - SEC nixes high-frequency trading platforms
Message-ID: <91B8EAAA-CB4D-400B-A8AA-E3840757C945@infowarrior.org>

SEC nixes high-frequency trading platforms

By John Aidan Byrne
April 13, 2014 | 6:18am
http://nypost.com/2014/04/13/sec-nixes-high-frequency-trading-platforms/

The Securities and Exchange Commission is preparing to remove some high-frequency trading firms.

In a purge of computerized markets, prompted by public outrage unleashed by Michael Lewis' "Flash Boys," the SEC's campaign will see numerous enforcement actions, new rules and new business practices --
a sweeping overhaul that could benefit the beleaguered New York Stock Exchange, The Post has learned.

"You'll probably see the commission coalesce around those enforcement cases and then bring new rules on high-frequency trading," a source with knowledge of the SEC's thinking told The Post. "There's a lot of pressure on the SEC to act."

The SEC is also mulling a trial run for a so-called trade-at rule, requiring brokerages and dark pools to send their orders to the NYSE, Nasdaq and other public exchanges unless better stock prices occur elsewhere, sources say.

The New York Stock Exchange is also feeling pressure. Its 22.68 percent market share of US trading in the $22 trillion US equity market has been declining for years -- running almost neck-and-neck recently with high-speed BATS, itself in the cross hairs of critics. The floor has shed thousands of human traders.

But the decline could soon be stemmed. Intense lobbying by the NYSE's owners, IntercontinentalExchange Group (ICE), for reform of the controversial "maker-taker" rebate rule for buying or selling shares is likely to get more sympathy. The rule's abolition or amendment, seen as increasingly likely, would help reverse NYSE's losses to rivals who have taken volume with their better pricing.

"Back in the day, we used to call it pay to play (now it is called maker-taker), and we used to vigorously fight against it," said NYSE floor trading vet Doreen Mogavero. "You know, the practice was originally devised by Bernard Madoff -- need I say more?"

The source familiar with SEC thinking says the NYSE could get a boost as regulators force out dodgy players among the market's 45 secretive dark pools, 200 "internalizers" and 13 public exchanges. But it might also be a mixed blessing.

"Yes, some high-frequency guys are going to be taken out of the game, but the NYSE might get rules they don't care for," the source said. "The ability of exchanges to develop and [profit] from special-order types is going to be stopped --
and this exchange business of selling direct data feeds is going by the wayside."

Mogavero says she's not against high-frequency trading per se, but adds, "I do see something wrong though with anybody who is getting a proprietary look at an order to disadvantage the market," referring to HFT firms that can legally "front run" a customer's order.

Both the SEC and NYSE declined to comment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 14 07:12:08 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Apr 2014 08:12:08 -0400
Subject: [Infowarrior] - USG Forces Free Press Advocacy Group To File Its Amicus Brief In NSL Case Under Seal
Message-ID:

Government Forces Free Press Advocacy Group To File Its Amicus Brief In NSL Case Under Seal

from the now-they're-OUR-secrets dept

Throw the words "national security" around frequently enough and you might start to believe it actually means something. The EFF's battle against the government's use of National Security Letters (NSLs) is being fought mostly under seal (the EFF can't even reveal whom its clients are). To be sure, there is sensitive material being discussed, but the government's paranoia has extended so far as to seal documents written by entities with no access to classified or sensitive material. (h/t to Trevor Timm)

< -- >

http://www.techdirt.com/articles/20140410/09452626868/government-forces-free-press-advocacy-group-to-file-its-amicus-brief-nsl-case-under-seal.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 14 13:13:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Apr 2014 14:13:07 -0400
Subject: [Infowarrior] - Semi-OT: Kids introduced to Walkman cassette players, hilarity ensues
Message-ID: <3E51F51E-D193-44B0-B710-92F9EFAA8548@infowarrior.org>

(Let's not feel TOO old here, shall we?
---rick)

Kids introduced to Walkman cassette players, hilarity ensues

Watch the next generation of gadget lovers attempt to use outdated tech like tape cassettes and a Walkman. Get ready to feel old thanks to the latest "Kids React" video from The Fine Brothers.

< - >

http://www.cnet.com/news/kids-introduced-to-walkman-cassette-players-hilarity-ensues/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 14 14:30:06 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Apr 2014 15:30:06 -0400
Subject: [Infowarrior] - WaPo, Guardian win Pulitzers for surveillance expose
Message-ID: <9493748E-6B17-4154-819D-8C2413F3CCEE@infowarrior.org>

(Waiting for DiFi and/or Rep Rogers to come out slamming the Pulitzer folks for their "poor" judgment in making this award. --rick)

Washington Post wins Pulitzer Prize for public service, shared with Guardian

By Paul Farhi
http://www.washingtonpost.com/politics/washington-post-wins-pulitzer-prize-for-public-service-shared-with-guardian/2014/04/14/bc7c4cc6-c3fb-11e3-bcec-b71ee10e9bc3_story.html

The Washington Post won two Pulitzer Prizes on Monday, including the prestigious public-service medal for a series of stories that exposed the National Security Agency's massive global surveillance programs.

A team of 28 Post journalists, led by reporter Barton Gellman, shared the public-service award with the British-based Guardian newspaper, which also reported extensively about the NSA's secret programs. Both Gellman and Glenn Greenwald, then the Guardian's lead reporter on the NSA pieces, based their articles on classified documents leaked by Edward Snowden, the former government contractor who has fled to exile in Russia, lending a controversial edge to this year's awards.

The Post's Eli Saslow also won a Pulitzer -- newspaper journalism's highest award -- for a series of stories about the challenges of people living on food stamps.
Saslow, 31, was cited in the explanatory journalism category by the 19-member Pulitzer board in an announcement at Columbia University in New York, which administers the prizes.

In addition to its winning entries, The Post had two finalists in this year's competition: Michael Williamson for feature photography, for work that accompanied Saslow's food-stamp articles; and the newspaper's breaking-news coverage of the Washington Navy Yard shootings in September. (See the full list of the Washington Post's winners and finalists here.)

The Boston Globe won in the breaking-news category for its extensive coverage of the Boston Marathon bombings last April.

The New York Times swept the two photography categories, for breaking news and features. The award in breaking photography went to Tyler Hicks of the Times, for his photos of a terrorist attack on a shopping mall in Nairobi, Kenya; the feature photography prize went to the newspaper's Josh Hanes, for his photos of a Boston Marathon bombing victim who lost most of both legs in the attack.

The investigative reporting award went to Chris Hamby of the non-profit Center for Public Integrity in Washington for articles about lawyers and doctors who rigged a system to deny benefits to coal miners stricken with black lung disease.

The awards to The Post and Guardian for their NSA reporting are likely to generate debate, much like the Pulitzer board's decision to award its public service medal to the New York Times in 1972 for its disclosures of the Pentagon Papers, a secret government history of the U.S. involvement in the Vietnam War.

In both the NSA and Pentagon Papers stories, the reporting was based on leaks of secret documents by government contractors. Both Snowden and Daniel Ellsberg -- who leaked the Pentagon Papers to Times' reporter Neil Sheehan -- were called traitors for their actions.
And both the leakers and the news organizations that published stories were accused by critics, including members of Congress, of enabling espionage and harming national security.

But Post executive editor Martin Baron said Monday the reporting exposed a national policy "with profound implications for American citizens' constitutional rights" and the rights of individuals around the world.

"Disclosing the massive expansion of the NSA's surveillance network absolutely was a public service," Baron said. "In constructing a surveillance system of breathtaking scope and intrusiveness, our government also sharply eroded individual privacy. All of this was done in secret, without public debate, and with clear weaknesses in oversight."

Baron added that without Snowden's disclosures, "We never would have known how far this country had shifted away from the rights of the individual in favor of state power. There would have been no public debate about the proper balance between privacy and national security. As even the president has acknowledged, this is a conversation we need to have."

Gellman, 53, said, "This has been a hard, consequential story, which could have gone wrong in all kinds of ways. I'm thrilled at the recognition for The Post and honestly I'm relieved that we didn't screw it up."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 15 06:42:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Apr 2014 07:42:14 -0400
Subject: [Infowarrior] - Uncle Sam Wants Cyber Warriors, but Can He Compete?
Message-ID: <992C6D10-A9E0-4E42-BAA0-7A3DA4CF3966@infowarrior.org>

Uncle Sam Wants Cyber Warriors, but Can He Compete?

By Dune Lawrence
April 15, 2014

The Pentagon plans to triple its cybersecurity staff by 2016, U.S. Secretary of Defense Chuck Hagel announced recently.
A few days later, FBI Supervisory Special Agent Charles Gilgen said at a conference on cybercrime that his agency's cyber division plans to hire 1,000 agents and 1,000 analysts in the coming year.

Just those two agencies are looking for 6,000 people with cybersecurity skills in the next two years. That's a very tall order. A look at one way the government has tried to build and recruit such talent -- offering university scholarships -- shows why.

The biggest such program, called CyberCorps, or Scholarship for Service, started in 2000. The scholarship covers tuition, books, and professional development and includes a cash stipend of $20,000 to $30,000 a year, depending on whether the student is pursuing a bachelor's, a master's, or a doctorate. After school, recipients serve in government for the same length of time as they received funding, two to three years, usually.

Unlike many government programs, it has seen its budget triple to $45 million a year in the past three fiscal years, says Victor Piotrowski, lead program director for CyberCorps at the National Science Foundation. As of January, CyberCorps had produced 1,554 graduates, with 463 more currently in school.

"You would think, with all those benefits and a hot area, cybersecurity, that people would just be pouring into the program," says Piotrowski. "We have a very, very tiny pipeline."

One hurdle is that participants must be U.S. citizens. Right off the bat, that eliminates more than 70 percent of those receiving master's degrees in computer engineering at U.S. schools, he says.

Another factor: The government can't offer as much pay as the private sector. An online posting for a cyber-analyst job at the Federal Bureau of Investigation in early 2013 -- there aren't any more current listings on the federal government's job site -- advertised a salary of $33,979 to $54,028. A listing this month for an information security specialist in the U.S.
Marine Corps's cybersecurity division gave a range of $89,924 to $116,901 a year.

That's just not competitive, particularly for people with in-demand technical skills in malicious software analysis and reverse engineering, according to Golden Richard, a professor with the University of New Orleans Information Assurance Program.

"If you couldn't break $100,000 as a starting salary, I think you'd have trouble attracting those guys," he says. Richard said one of his students got a government scholarship to fund his master's degree but was quickly lured away from his government job by a private company offering him about $150,000 a year.

The government also hurts its chances by allowing contractors who do cybersecurity work for federal agencies to offer higher salaries than the government does for similar jobs, says Seymour Goodman, co-director of the Georgia Tech Information Security Center at the Georgia Institute of Technology.

Even for those interested in serving their country, rather than selling their services to the highest bidder, there's a mismatch between government bureaucracy and the culture of cybersecurity researchers, Richard says.

"They tend to want to work alone and be independent and work on what they want -- and they have that option," he says. "I don't see those people being really happy locked in a room unable to talk about what they're doing."

Finally, there's the Edward Snowden problem: Snowden's leak of top-secret documents on the National Security Agency's spying activities has created a reputational issue that Piotrowski of CyberCorps worries about. The NSA is the program's biggest client, taking 142 of its graduates from fiscal year 2007 to 2012.

"Now part of this tiny community we created will turn back, because they'll say, I don't want to spy on U.S. citizens," Piotrowski says.
It's too early to see any reflection in the program's numbers, but Piotrowski said he has heard of at least one student who dropped out and cited Snowden's revelations.

It's not just government agencies that are desperate for cybersecurity specialists. Almost four in 10 IT security positions went unfilled in 2013, according to a survey of more than 500 organizations by the Ponemon Institute, which studies privacy, data protection, and information-security policy. The figure was almost six in 10 for senior security jobs.

"Market forces aren't happening fast enough in security," says Art Gilliland, general manager of enterprise security products at Hewlett-Packard (HPQ), which funded the Ponemon research. "The typical security person is paid the same as a typical IT person, and yet the demand is way higher. The salaries are not increasing fast enough to attract more people."

Lawrence is a reporter for Bloomberg News in New York.

http://www.businessweek.com/printer/articles/194685-uncle-sam-wants-cyber-warriors-but-can-he-compete

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 15 10:14:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Apr 2014 11:14:22 -0400
Subject: [Infowarrior] - =?windows-1252?q?Who=92s_watching_me=3F_Police_to?= =?windows-1252?q?ok_photos_of_my_license_plates?=
Message-ID:

Who's watching me? Police took photos of my license plates

By Kathryn Watson / April 14, 2014 / 74 Comments
http://watchdog.org/138370/police-reporters-license/

ALEXANDRIA, Va. -- The police know exactly where my car has been -- and when -- during the past few months. They could have the same information -- or more -- about you.

As a part of my series on the use of automatic license plate readers in Virginia, I wanted to find out what kind of information local police might have. By law, the only information I'm privileged to is my own.
Last week I filed a public records request with the Alexandria Police Department. I've lived in the lovely city of Alexandria for just two years, and my driving record -- aside from the occasional parking ticket -- is virtually spotless.

What I found, however, left me riveted. In all, police captured 16 photos of my car -- mostly at night -- and recorded my license plate eight times on five dates -- from October 2013 to as recently as April 1.

In January, a license plate reader captured my plate twice while my car was parked in the lot of my apartment complex, according to latitude and longitude records. Police also captured records of my car as I drove to Bible study on a typical Wednesday night in March. Still, others were captured in various spots around Old Town Alexandria.

Per Alexandria Police Department policy, LPR-generated data may be kept on a computer for up to 30 days, pending upload to the LPR database. There, information can be kept for up to six months, according to Crystal Nosal, commander and senior public information officer for the Alexandria Police Department. Police Chief Earl Cook ratcheted down that storage policy from four years to two, and then from two years to six months.

Alexandria police have 13 mobile systems, which are mounted only on police vehicles, Nosal said.

The state's highest constitutional office has already said random collection and storage isn't legal -- but many local police departments in Virginia continue to do it.

Last year, then-Attorney General Ken Cuccinelli concluded in an official opinion that "data collected in the continuous, passive manner that is not properly defined as 'criminal intelligence information' and not otherwise relating directly to law enforcement investigations and intelligence gathering respecting criminal activity ... may not be lawfully collected through the use of LPR technology."

The Alexandria commonwealth's attorney and city attorney disagreed with Cuccinelli's legal opinion.
An attorney general's opinion doesn't bear the force of law. That's left to the courts.

Police say ALPR technology helps police identify and catch criminals in ways other approaches simply can't. In January, Alexandria police, guided by ALPR-gathered data, were able to apprehend the suspected robber of a U.S. Postal Service office.

"LPR has been a successful tool in identifying leads in lots of cases from homicide to larceny. There is not one specific crime type," Nosal said, mentioning that records can be used to find parking violators, too. "Recovering stolen automobiles and detecting parking violations are probably the best examples, however, we do not maintain statistical data on when LPR was used as a tool since it is merely a pointer system."

That kind of success doesn't happen every day. A study of Maryland's use of the technology found that for every 1 million license plates scanned, only 47 were connected with serious crimes, according to the American Civil Liberties Union. The ACLU of Virginia is encouraging people to file records requests with their own police departments.

The top-of-the-line ALPR technology allows local police departments like Alexandria's to capture up to 1,800 license plates per minute, even of cars going up to 160 mph. Police can check license plate data to match one vehicle's moves, or against things such as DMV records.

That's exactly why civil rights advocates such as John Whitehead, president of the Rutherford Institute in Charlottesville, said the widespread collection and preservation of license plate data not only potentially violates search and seizure rights in the Fourth Amendment, but it also makes people leery to exercise their First Amendment rights. In 2008 and 2009, the Virginia State Police, which now regularly expunges records but still collects them, captured license plate data of people at political rallies for Sarah Palin and Barack Obama.

"It could be used against you later," Whitehead said earlier this month.
After writing this, I'll be sure to keep a closer eye on my surroundings. All it would take is a quick search of the records to find out where I live and where I typically travel.

Kathryn Watson is an investigative reporter for Watchdog.org, and can be reached at kwatson at watchdog.org.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 15 19:52:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Apr 2014 20:52:37 -0400
Subject: [Infowarrior] - All sent and received e-mails in Gmail will be analyzed, says Google
Message-ID: <593E46EA-27D1-4ECC-9399-73CDF561196C@infowarrior.org>

All sent and received e-mails in Gmail will be analyzed, says Google

The new text might be a reaction to the e-mail scanning lawsuit.

by Casey Johnston - Apr 15 2014, 6:35pm EDT
http://arstechnica.com/business/2014/04/google-adds-to-tos-yes-we-scan-all-your-e-mails/

Non-Gmail users never agreed to have their e-mail scanned, lawyers say.

Google added a paragraph to its terms of service as of Monday to tell customers that, yes, it does scan e-mail content for advertising and customized search results, among other reasons. The change comes as Google undergoes a lawsuit over its e-mail scanning, with the plaintiffs complaining that Google violated their privacy.

E-mail users brought the lawsuit against Google in 2013, alleging that the company was violating wiretapping laws by scanning the content of e-mails. The plaintiffs' complaints vary, but some of the cases include people who sent their e-mails to Gmail users from non-Gmail accounts and nonetheless had their content scanned. They argue that since they didn't use Gmail, they didn't consent to the scanning.

US District Judge Lucy Koh refused Google's motion to dismiss the case in September.
Koh also denied the plaintiffs class-action status in March on the grounds that the ways that Google might have notified the various parties of its e-mail scanning are too different, and she could not decide the case with a single judgment.

This is the full text of Google's terms of service addition related to e-mail scanning:

"Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored."

While the new text makes the scanning practices very clear, the issue at hand for many of the plaintiffs in Google's lawsuit is whether non-Gmail users are obligated to be familiar, or were familiar, with the Gmail terms of service even though they were not users themselves. The specific mention of "received" content suggests Google may not want the burden of warning non-Gmail users that e-mails sent to Gmail will be scanned.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 16 10:56:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Apr 2014 11:56:29 -0400
Subject: [Infowarrior] - Intel Community Agrees To Allow Industry To Sell High-Res Imagery,
Message-ID: <3702D60A-271E-4EC7-82D0-B5C935673875@infowarrior.org>

DefenseDaily.com
April 15, 2014

Intel Community Agrees To Allow Industry To Sell High-Res Imagery, Clapper Says

Pat Host

The Intelligence Community (IC) has reached a consensus allowing commercial satellite imagery companies to sell high resolution imagery, Director of National Intelligence (DNI) James Clapper said Tuesday.

< - >

The announcement is certainly good news for companies like DigitalGlobe [DGI], which have been pressing the federal government to ease restrictions on selling its highest-quality imagery.
Domestic imagers are currently prohibited from selling imagery with resolution better than 50 cm in panchromatic, or black and white; two meters in the multi-spectral and 7.5 meters in shortwave infrared (IR).

DigitalGlobe last May petitioned the National Oceanic and Atmospheric Administration (NOAA) to ease these resolution restrictions, which it claimed hampered industry. An email to NOAA for comment on developments was not returned by press time.

DigitalGlobe in August plans to launch its advanced WorldView-3 satellite capable of 31 cm resolution panchromatic, 1.24 meter resolution multi-spectral and potentially 3.7 meter resolution in shortwave IR, according to an April 8 blog post on its website. DigitalGlobe said Ball Aerospace [BLL], manufacturer of WorldView-3, completed thermal vacuum, acoustic, vibration and pyro-separation testing on the satellite and its integrated sensors and electronics to confirm the spacecraft's design integrity. Electromagnetic interference and electromagnetic compatibility will wrap up April 23.

DigitalGlobe Chief Technology Officer (CTO) Walter Scott told Defense Daily last year the company wants the restrictions lifted because companies today can use airplanes to get 5 cm resolution in 90 countries, in addition to foreign competitors providing 50 cm resolution imagery via satellite. Scott added that there were "dozens" of other satellites either in operation, or in preparation, to be launched that operate close to, or in a few cases, better than 50 cm resolution.

< - >

http://www.defensedaily.com/intel-community-agrees-to-allow-industry-to-sell-high-res-imagery-clapper-says/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Apr 16 13:20:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Apr 2014 14:20:13 -0400
Subject: [Infowarrior] - Lacie confesses to year-long data breach as hackers harvest customers' details
Message-ID: <9DEF40C8-7FF4-4A4B-B25D-233FE934A558@infowarrior.org>

Lacie confesses to year-long data breach as hackers harvest customers' details

By Chris Merriman
Wed Apr 16 2014, 16:11
http://www.theinquirer.net/inquirer/news/2340305/lacie-confesses-to-year-long-data-breach-as-hackers-harvest-customers-details

STORAGE MAKER Lacie has revealed a security breach affecting visitors to its website, who might have had their credit card details swiped.

A hacker repeatedly exploited a flaw in the Lacie website, using malware to gain access to customer details. The incident only came to light when the US Federal Bureau of Investigation (FBI) contacted Lacie on 19 March.

Anyone who made a credit card purchase on the Lacie website between 27 March 2013 and 10 March 2014 appears to have had their personal information compromised, including names, addresses, email accounts and payment card details.

Lacie has reset all passwords for the website, as these are likely to have been accessed too. The company is in the process of contacting affected customers by email.

In a statement, the company advised, "If you see a fraudulent charge on your card, please immediately contact the bank that issued your card. Major credit card companies typically guarantee cardholders will not be responsible for fraudulent charges. Please be on the lookout and review your account statements for any unauthorized activity."

The company, which was bought by Seagate last year, recently announced what it claims to be the world's fastest portable hard drive, aimed at the 4K video market. With a price of over £1,000, this level of spending potential might have been what attracted hackers to target Lacie specifically.
A "leading forensic investigation firm" is attempting to track down the culprit, while Lacie is working on better security measures. In the meantime, the shopping part of the website has been disabled.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 17 06:00:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Apr 2014 07:00:34 -0400
Subject: [Infowarrior] - OT: Financial Matters
Message-ID: <0F5687D4-6550-4E20-8787-CE9074DECC79@infowarrior.org>

(some very very VERY good points on this list. --rick)

Financial Matters

Posted on April 15, 2014

"If I were an executive coach, I would try to focus each individual on the facets they can control. Emphasizing what's in your control allows you to adopt an attitude of equanimity toward luck. You've done all that you can, and from there you have to live with the results -- good or bad." -- Michael Mauboussin

Wading through the overwhelming noise can be a chore when dealing with your finances and investments. Here's my list to help you decide what really matters and what you can do without when making financial decisions.

< -- >

http://awealthofcommonsense.com/financial-matters/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 17 06:07:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Apr 2014 07:07:09 -0400
Subject: [Infowarrior] - PIR: U.S. Views of Technology and the Future
Message-ID: <7C672998-76FF-4EF6-B2C0-774D81ABB65E@infowarrior.org>

U.S. Views of Technology and the Future

Science in the next 50 years

http://www.pewinternet.org/2014/04/17/us-views-of-technology-and-the-future/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Apr 17 08:21:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Apr 2014 09:21:10 -0400
Subject: [Infowarrior] - CNN fail
Message-ID: <1757280C-F7D3-4DD2-865C-4D9E811954BB@infowarrior.org>

The Titanic Sank. And CNN is ON IT!

http://www.washingtonpost.com/blogs/compost/wp/2014/04/16/the-titanic-sank-and-cnn-is-on-it/

CNN is beyond pathetic these days.....As the WaPo reporter writes, "What happened to the Hindenburg? Is the Lusitania okay?"

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 17 09:06:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Apr 2014 10:06:48 -0400
Subject: [Infowarrior] - =?windows-1252?q?When_=91Liking=92_a_Brand_Online?= =?windows-1252?q?_Voids_the_Right_to_Sue?=
Message-ID: <02783CB8-5529-4068-8388-8E8C0881CA22@infowarrior.org>

Somehow I can't see a court supporting this view....but stranger things have happened. --rick

When 'Liking' a Brand Online Voids the Right to Sue

By STEPHANIE STROM
APRIL 16, 2014
http://www.nytimes.com/2014/04/17/business/when-liking-a-brand-online-voids-the-right-to-sue.html

General Mills, the maker of Cheerios and other foods, hopes to prevent customers from taking legal action.

Might downloading a 50-cent coupon for Cheerios cost you legal rights?

General Mills, the maker of cereals like Cheerios and Chex as well as brands like Bisquick and Betty Crocker, has quietly added language to its website to alert consumers that they give up their right to sue the company if they download coupons, "join" it in online communities like Facebook, enter a company-sponsored sweepstakes or contest or interact with it in a variety of other ways.
Instead, anyone who has received anything that could be construed as a benefit and who then has a dispute with the company over its products will have to use informal negotiation via email or go through arbitration to seek relief, according to the new terms posted on its site.

In language added on Tuesday after The New York Times contacted it about the changes, General Mills seemed to go even further, suggesting that buying its products would bind consumers to those terms.

"We've updated our Privacy Policy," the company wrote in a thin, gray bar across the top of its home page. "Please note we also have new Legal Terms which require all disputes related to the purchase or use of any General Mills product or service to be resolved through binding arbitration."

The change in legal terms, which occurred shortly after a judge refused to dismiss a case brought against the company by consumers in California, made General Mills one of the first, if not the first, major food companies to seek to impose what legal experts call "forced arbitration" on consumers.

"Although this is the first case I've seen of a food company moving in this direction, others will follow - why wouldn't you?" said Julia Duncan, director of federal programs and an arbitration expert at the American Association for Justice, a trade group representing plaintiff trial lawyers. "It's essentially trying to protect the company from all accountability, even when it lies, or say, an employee deliberately adds broken glass to a product."

General Mills declined to make anyone available for an interview about the changes. "While it rarely happens, arbitration is an efficient way to resolve disputes - and many companies take a similar approach," the company said in a statement. "We even cover the cost of arbitration in most cases. So this is just a policy update, and we've tried to communicate it in a clear and visible way."
A growing number of companies have adopted similar policies over the years, especially after a 2011 Supreme Court decision, AT&T Mobility v. Concepcion, that paved the way for businesses to bar consumers claiming fraud from joining together in a single arbitration. The decision allowed companies to forbid class-action lawsuits with the use of a standard-form contract requiring that disputes be resolved through the informal mechanism of one-on-one arbitration.

Credit card and mobile phone companies have included such limitations on consumers in their contracts, and in 2008, the magazine Mother Jones published an article about a Whataburger fast-food restaurant that hung a sign on its door warning customers that simply by entering the premises, they agreed to settle disputes through arbitration.

Companies have continued to push for expanded protection against litigation, but legal experts said that a food company trying to limit its customers' ability to litigate against it raised the stakes in a new way. What if a child allergic to peanuts ate a product that contained trace amounts of nuts but mistakenly did not include that information on its packaging? Food recalls for mislabeling, including failures to identify nuts in products, are not uncommon.

"When you're talking about food, you're also talking about things that can kill people," said Scott L. Nelson, a lawyer at Public Citizen, a nonprofit advocacy group. "There is a huge difference in the stakes, between the benefit you're getting from this supposed contract you're entering into by, say, using the company's website to download a coupon, and the rights they're saying you're giving up. That makes this agreement a lot broader than others out there."

Big food companies are concerned about the growing number of consumers filing class-action lawsuits against them over labeling, ingredients and claims of health threats.
Almost every major gathering of industry executives has at least one session on fighting litigation.

Last year, General Mills paid $8.5 million to settle lawsuits over positive health claims made on the packaging of its Yoplait Yoplus yogurt, saying it did not agree with the plaintiff's accusations but wanted to end the litigation. In December 2012, it agreed to settle another suit by taking the word "strawberry" off the packaging label for Strawberry Fruit Roll-Ups, which did not contain strawberries.

General Mills amended its legal terms after a judge in California on March 26 ruled against its motion to dismiss a case brought by two mothers who contended that the company deceptively marketed its Nature Valley products as "natural" when they contained processed and genetically engineered ingredients.

"The front of the Nature Valley products' packaging prominently displays the term '100% Natural' that could lead a reasonable consumer to believe the products contain only natural ingredients," wrote the district judge, William H. Orrick. He wrote that the packaging claim "appears to be false" because the products contain processed ingredients like high-fructose corn syrup and maltodextrin.

Arbitration experts said courts would probably require General Mills to prove that a customer was aware of its new policy before issuing decisions denying legal action against the company. The policy is so broadly written, lawyers say, that it is likely to raise interesting legal questions.

For instance, on Tuesday an order was placed through the company's online store for a Cheerios bowl, before General Mills posted the notice about the change to its legal terms on its home page. At no point did the order system suggest changes had been made to the legal terms governing the buyer. It offered a link to the company's privacy policy, and two opt-out boxes for receiving promotional materials through email.
Whether a court would rule that, under the new policy, the buyer of the bowl could not sue General Mills was unclear, since the General Mills home page now included a message about the changes it had made to its legal terms.

"A transaction has taken place that, according to General Mills, includes an agreement to submit to informal negotiation or arbitration in the event of a dispute," Mr. Nelson said.

He said he did not think a court would agree to enforce the policy if a consumer merely visited a General Mills website, "but we really don't know."

"You can bet," he said, "there will be some subpoenas for computer hard drives in the future."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 18 06:11:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Apr 2014 07:11:55 -0400
Subject: [Infowarrior] - Snowden's op-ed ref: his Putin question
Message-ID: <3F881EB2-6F0A-47CA-97E7-47FB0C8ADF6D@infowarrior.org>

Vladimir Putin must be called to account on surveillance just like Obama

I questioned the Russian president live on TV to get his answer on the record, not to whitewash him

Edward Snowden
theguardian.com, Friday 18 April 2014 00.06 EDT

http://www.theguardian.com/commentisfree/2014/apr/18/vladimir-putin-surveillance-us-leaders-snowden

On Thursday, I questioned Russia's involvement in mass surveillance on live television. I asked Russia's president, Vladimir Putin, a question that cannot credibly be answered in the negative by any leader who runs a modern, intrusive surveillance program: "Does [your country] intercept, analyse or store millions of individuals' communications?"

I went on to challenge whether, even if such a mass surveillance program were effective and technically legal, it could ever be morally justified.
The question was intended to mirror the now infamous exchange in US Senate intelligence committee hearings between senator Ron Wyden and the director of national intelligence, James Clapper, about whether the NSA collected records on millions of Americans, and to invite either an important concession or a clear evasion. (See a side-by-side comparison of Wyden's question and mine here.)

Clapper's lie - to the Senate and to the public - was a major motivating force behind my decision to go public, and a historic example of the importance of official accountability.

In his response, Putin denied the first part of the question and dodged on the latter. There are serious inconsistencies in his denial - and we'll get to them soon - but it was not the president's suspiciously narrow answer that was criticised by many pundits. It was that I had chosen to ask a question at all.

I was surprised that people who witnessed me risk my life to expose the surveillance practices of my own country could not believe that I might also criticise the surveillance policies of Russia, a country to which I have sworn no allegiance, without ulterior motive. I regret that my question could be misinterpreted, and that it enabled many to ignore the substance of the question - and Putin's evasive response - in order to speculate, wildly and incorrectly, about my motives for asking it.

The investigative journalist Andrei Soldatov, perhaps the single most prominent critic of Russia's surveillance apparatus (and someone who has repeatedly criticised me in the past year), described my question as "extremely important for Russia". It could, he said, "lift a de facto ban on public conversations about state eavesdropping."

Others have pointed out that Putin's response appears to be the strongest denial of involvement in mass surveillance ever given by a Russian leader - a denial that is, generously speaking, likely to be revisited by journalists.
In fact, Putin's response was remarkably similar to Barack Obama's initial, sweeping denials of the scope of the NSA's domestic surveillance programs, before that position was later shown to be both untrue and indefensible.

So why all the criticism? I expected that some would object to my participation in an annual forum that is largely comprised of softball questions to a leader unaccustomed to being challenged. But to me, the rare opportunity to lift a taboo on discussion of state surveillance before an audience that primarily views state media outweighed that risk. Moreover, I hoped that Putin's answer - whatever it was - would provide opportunities for serious journalists and civil society to push the discussion further.

When this event comes around next year, I hope we'll see more questions on surveillance programs and other controversial policies. But we don't have to wait until then. For example, journalists might ask for clarification as to how millions of individuals' communications are not being intercepted, analysed or stored, when, at least on a technical level, the systems that are in place must do precisely that in order to function. They might ask whether the social media companies reporting that they have received bulk collection requests from the Russian government are telling the truth.

I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents - the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives - is a threat to all people, everywhere, no matter who runs them.

Last year, I risked family, life, and freedom to help initiate a global debate that even Obama himself conceded "will make our nation stronger". I am no more willing to trade my principles for privilege today than I was then.
I understand the concerns of critics, but there is a more obvious explanation for my question than a secret desire to defend the kind of policies I sacrificed a comfortable life to challenge: if we are to test the truth of officials' claims, we must first give them an opportunity to make those claims.

Edward Snowden wrote for the Guardian through the Freedom of the Press Foundation

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 18 12:07:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Apr 2014 13:07:42 -0400
Subject: [Infowarrior] - US Has A 'Secret Exception' To Reasonable Suspicion For Putting People On The No Fly List
Message-ID: <758025F7-5587-4DD2-B918-CC3BE419A07B@infowarrior.org>

"What sort of country is this where there's a secret exception to "reasonable suspicion" that will put you on a set of secret lists that get you treated like a terrorist for wanting to travel?"

< - >

US Has A 'Secret Exception' To Reasonable Suspicion For Putting People On The No Fly List

http://www.techdirt.com/articles/20140417/17265226950/us-has-secret-exception-to-reasonable-suspicion-putting-people-no-fly-list.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 18 15:24:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Apr 2014 16:24:13 -0400
Subject: [Infowarrior] - The United States of SWAT?
Message-ID:

April 18, 2014 4:00 AM

The United States of SWAT?

Military-style units from government agencies are wreaking havoc on non-violent citizens.
By John Fund

http://www.nationalreview.com/article/376053/united-states-swat-john-fund

Regardless of how people feel about Nevada rancher Cliven Bundy's standoff with the federal Bureau of Land Management over his cattle's grazing rights, a lot of Americans were surprised to see TV images of an armed-to-the-teeth paramilitary wing of the BLM deployed around Bundy's ranch.

They shouldn't have been. Dozens of federal agencies now have Special Weapons and Tactics (SWAT) teams to further an expanding definition of their missions. It's not controversial that the Secret Service and the Bureau of Prisons have them. But what about the Department of Agriculture, the Railroad Retirement Board, the Tennessee Valley Authority, the Office of Personnel Management, the Consumer Product Safety Commission, and the U.S. Fish and Wildlife Service? All of these have their own SWAT units and are part of a worrying trend towards the militarization of federal agencies - not to mention local police forces.

"Law-enforcement agencies across the U.S., at every level of government, have been blurring the line between police officer and soldier," journalist Radley Balko writes in his 2013 book Rise of the Warrior Cop. "The war on drugs and, more recently, post-9/11 antiterrorism efforts have created a new figure on the U.S. scene: the warrior cop - armed to the teeth, ready to deal harshly with targeted wrongdoers, and a growing threat to familiar American liberties."

The proliferation of paramilitary federal SWAT teams inevitably brings abuses that have nothing to do with either drugs or terrorism. Many of the raids they conduct are against harmless, often innocent, Americans who typically are accused of non-violent civil or administrative violations.

Take the case of Kenneth Wright of Stockton, Calif., who was "visited" by a SWAT team from the U.S. Department of Education in June 2011.
Agents battered down the door of his home at 6 a.m., dragged him outside in his boxer shorts, and handcuffed him as they put his three children (ages 3, 7, and 11) in a police car for two hours while they searched his home. The raid was allegedly intended to uncover information on Wright's estranged wife, Michelle, who hadn't been living with him and was suspected of college financial-aid fraud.

The year before the raid on Wright, a SWAT team from the Food and Drug Administration raided the farm of Dan Allgyer of Lancaster, Pa. His crime was shipping unpasteurized milk across state lines to a cooperative of young women with children in Washington, D.C., called Grass Fed on the Hill. Raw milk can be sold in Pennsylvania, but it is illegal to transport it across state lines. The raid forced Allgyer to close down his business.

Brian Walsh, a senior legal analyst with the Heritage Foundation, says it is inexplicable why so many federal agencies need to be battle-ready: "If these agencies occasionally have a legitimate need for force to execute a warrant, they should be required to call a real law-enforcement agency, one that has a better sense of perspective. The FBI, for example, can draw upon its vast experience to determine whether there is an actual need for a dozen SWAT agents."

Since 9/11, the feds have issued a plethora of homeland-security grants that encourage local police departments to buy surplus military hardware and form their own SWAT units. By 2005, at least 80 percent of towns with a population between 25,000 and 50,000 people had their own SWAT team. The number of raids conducted by local police SWAT teams has gone from 3,000 a year in the 1980s to over 50,000 a year today.

Once SWAT teams are created, they will be used. Nationwide, they are used for standoffs, often serious ones, with bad guys. But at other times they've been used for crimes that hardly warrant military-style raids.
Examples include angry dogs, domestic disputes, and misdemeanor marijuana possession.

In 2010, a Phoenix, Ariz., sheriff's SWAT team that included a tank and several armored vehicles raided the home of Jesus Llovera. The tank, driven by the newly deputized action-film star Steven Seagal, plowed right into Llovera's house. The incident was filmed and, together with footage of Seagal-accompanied immigration raids, was later used for Seagal's A&E TV law-enforcement reality show.

The crime committed by Jesus Llovera was staging cockfights. During the sheriff's raid, his dog was killed, and later all of his chickens were put to sleep.

Many veteran law-enforcement figures have severe qualms about the turn police work is taking. One retired veteran of a large metropolitan police force told me: "I was recently down at police headquarters for a meeting. Coincidently, there was a promotion ceremony going on and the SWAT guys looked just like members of the Army, except for the police shoulder patches. Not an image I would cultivate. It leads to a bad mindset."

Indeed, the U.S. Constitution's Third Amendment, against the quartering of troops in private homes, was part of an overall reaction against the excesses of Britain's colonial law enforcement. "It wasn't the stationing of British troops in the colonies that irked patriots in Boston and Virginia," Balko writes. "It was England's decision to use the troops for everyday law enforcement."

There are things that can be done to curb the abuses without taking on the politically impossible job of disbanding SWAT units. The feds should stop shipping military vehicles to local police forces. Federal SWAT teams shouldn't be used to enforce regulations, but should focus instead on potentially violent criminals. Cameras mounted on the dashboards of police cars have both brought police abuses to light and exonerated officers who were falsely accused of abuse. SWAT-team members could be similarly equipped with helmet cameras.
After all, if taxpayers are being asked to foot the bill and cede ground on their Fourth Amendment rights, they have the right to a transparent, accountable record of just what is being done in their name.

- John Fund is national-affairs columnist at National Review Online.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 19 09:21:30 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Apr 2014 10:21:30 -0400
Subject: [Infowarrior] - The Crazy Redactions Of The No Fly List Decision
Message-ID: <2FB4F0F4-727D-4126-81EF-69DB85A2C301@infowarrior.org>

The Crazy Redactions Of The No Fly List Decision

http://www.techdirt.com/articles/20140417/18082226951/crazy-redactions-no-fly-list-decision-kafkaesque-on-off-on-redactions.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 19 10:19:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Apr 2014 11:19:04 -0400
Subject: [Infowarrior] - Berkman Center announces leadership transition
Message-ID:

Berkman Center announces leadership transition

April 18, 2014

http://today.law.harvard.edu/berkman-center-announces-leadership-transition/

The Berkman Center for Internet & Society has announced a leadership transition as Professor William (Terry) Fisher steps down after 12 years as Chair of the Board of Directors and Professor Jonathan Zittrain, the co-founder of the Berkman Center and Vice Dean for Library and Information Resources at Harvard Law School, assumes the role. The change will be effective as of July 1, 2014.

Said Harvard University Provost Alan M. Garber: "Under Terry Fisher's extraordinary leadership, the Berkman Center has become known as the home of some of the most penetrating thinking about how we interact with cyberspace and how it can be developed to serve society better.
We are indebted to him for nurturing and helping to shape this unique resource for Harvard and the world. Jonathan Zittrain is a most worthy successor. Long a pillar of the Berkman community, he has the intellect, breadth of interests, creativity, and dedication to ensure that the center will remain vital - indeed, indispensable - at a time when the Internet is woven into more and more aspects of our lives."

Said HLS Dean Martha Minow: "Terry Fisher's stellar leadership has ensured the Berkman Center's vibrant collaborations across disciplines, sectors, and geographies, while also providing an unerring commitment to combining creativity with a focus on the opportunities and challenges afforded by cyberspace and the communities and communication it enables. I join with the Provost and Directors in delight that Jonathan Zittrain will take up the role of chair. As one of the co-founders of the Center and as a fount of superb ideas, Jonathan brings deep knowledge and innovative spirit to this extraordinary effort."

Urs Gasser, the Berkman Center's Executive Director and a Professor of Practice at HLS, said, "The Berkman Center team is deeply grateful for all that Terry Fisher has contributed to the Center and the community during his extraordinary tenure, and wishes him a truly well deserved and restful sabbatical in 2014-2015. Recognized as a visionary here at Berkman and around the world, Jonathan Zittrain will continue to inspire and delight the community and help deepen our national and international network of partners across all sectors." He noted that Zittrain's faculty appointments with the Harvard School of Engineering and Applied Sciences and the Harvard John F. Kennedy School of Government will further strengthen the Center's collaborations across Campus.

Terry Fisher has led the Berkman Center since 2002, helping to shape it during a period of maturation and expansion.
Under his guidance, the Center has grown from a small research unit at Harvard Law School into a University-wide Center and a world-renowned community of scholars and activists, engaged in rigorous research and socially responsible innovation. He navigated the Center through the lean times of the fiscal crisis and oversaw the successful incubation of numerous projects and initiatives that have changed the landscape of academic inquiry pertaining to information technology.

Zittrain's transition to the position of Faculty Chair represents both momentum and re-commitment to the ethos and spirit in which he co-founded the Berkman Center with Charlie Nesson in 1997. Professor Zittrain's commitment to and passion for the development of innovative research and teaching programs will continue to infuse the Center's direction and activities, building on the strong foundation and programs that flourished under Terry Fisher's leadership, said Dean Minow.

As the Berkman Center's principal governing body, the Board of Directors shapes the Berkman Center's overall vision and makes significant financial, research, academic, personnel, governance, and other overarching strategic decisions. Terry Fisher remains a member of the Board, joined by Professors Yochai Benkler, Susan Crawford, John Deighton, Charles Nesson, Felix Oberholzer-Gee, John Palfrey, Jeffrey Schnapp, Stuart Shieber, and Mark Wu. Board member Urs Gasser continues as Executive Director, leading implementation of the vision and objectives set forth by the Board.

The Berkman Center for Internet & Society at Harvard University is a research program founded to explore cyberspace, share in its study, and help pioneer its development. Founded in 1997, through a generous gift from Jack N. and Lillian R. Berkman, the Center is home to an ever-growing community of faculty, fellows, staff, and affiliates working on projects that span the broad range of intersections between cyberspace, technology, and society.
More information can be found at http://cyber.law.harvard.edu.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 19 10:59:57 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Apr 2014 11:59:57 -0400
Subject: [Infowarrior] - The mentality of J Edgar Hoover's FBI undergirds today's surveillance state
Message-ID:

The mentality of J Edgar Hoover's FBI undergirds today's surveillance state

People forget that the FBI is the NSA's primary partner in domestic spying, which allows them to work in secret

Trevor Timm
theguardian.com, Saturday 19 April 2014 10.00 EDT

http://www.theguardian.com/commentisfree/2014/apr/19/hoovers-fbi-todays-surveillance-state

The new documentary 1971, about the formerly anonymous FBI burglars who exposed the crimes of former FBI director J. Edgar Hoover, debuted to a rapt audience at the Tribeca film festival last night. As the filmmakers noted in an interview with the AP, the parallels between Nixon-era FBI whistleblowers and Edward Snowden's NSA revelations are almost eerie in their similarity.

But while the NSA connection seems obvious, the movie will actually shed light on the domestic intelligence agency with far more power over ordinary Americans: the modern FBI.

Everyone seems to forget that the FBI is the NSA's primary partner in the latter's domestic spying operations and that, in fact, the NSA's job would be impossible without them. Whenever you see a company deny giving any data to the NSA remember: It's because it's not the NSA asking (or demanding) the information of them, it's the FBI. They use the same Patriot Act authorities that the NSA does, and yet we have almost no idea what they do with it.

In fact, the FBI has gone to extreme lengths to just keep their surveillance methods a secret from the public, just like the NSA. And the more we learn, the scarier it gets.
On Monday, the EFF revealed through its Freedom of Information Act lawsuit that the FBI's "next generation" facial recognition program will have as many as 52m photographs in it next year - including millions that were taken for "non-criminal purposes." Its massive biometric database already "may hold records on as much as one third of the U.S. population," EFF found.

Lavabit, the email provider once allegedly used by Edward Snowden, also lost an appeal this week, leaving its founder Ladar Levison in contempt of court for failing to hand over Lavabit's encryption keys to the FBI that would have exposed all 400,000 users of Lavabit. The court failed to rule on the larger issue - leaving the door open for the FBI to try it again.

And we know they want to. Foreign Policy's Shane Harris reported last year, the FBI "carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from U.S. companies - an operation that the NSA once conducted, was reprimanded for, and says it abandoned." The FBI's activities include trying to convince "telecom carriers and Internet service providers to install [port readers] on their networks so that the government can collect large volumes of data about emails and Internet traffic."

We also know they routinely get cell phone location information without a warrant. (If you want to see how your cell phone location information reveals almost every detail of your life, watch this amazing ACLU video.) We also know they're using Stingray devices, which are fake cell phone towers that vacuum up all cell phone activity in a particular area.

We know that the FBI is still issuing thousands of oversight-free National Security Letters a year, despite multiple government reports detailing systematic abuse, and a federal court ruling that they are unconstitutional last year. (The ruling was put on hold pending appeal.)

The FBI has pushed Congress and the White House -
and reportedly quietly lobbied the tech companies - to support a dangerous overhaul to wiretapping laws that would require Internet companies like Google and Facebook to create a backdoor into their services, giving the FBI direct access if they get the requisite legal authorities.

And, at the same time, the FBI also wants to be able to expand their ability to hack suspects' computers. (At least some judges have been pushing back, noting that the trove of information that the FBI can get from hacking suspects is often far beyond what the agency's investigation requires.)

Worse, Wired discovered FBI training materials in 2012 that told agents they had the "ability to bend or suspend the law and impinge on freedoms of others," in national security cases. The materials were quickly withdrawn when they became public.

All of this leads to why a comprehensive report released by ACLU late in 2013 called the FBI a "secret domestic intelligence agency" that "regularly overstepped the law, infringing on Americans' constitutional rights while overzealously pursuing its domestic security mission."

After watching 1971, or reading Betty Medsger's corresponding book The Burglary, it should be a scandal to everyone that the FBI building is still named after J. Edgar Hoover. Unfortunately, his ghost also still seems to permeate in much of what they do.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 20 14:20:24 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Apr 2014 15:20:24 -0400
Subject: [Infowarrior] - General Mills reverses course on right to sue after backlash
Message-ID: <96258C6C-EC8F-46A5-AE26-0536F7D486EE@infowarrior.org>

General Mills reverses course on right to sue after backlash

http://money.cnn.com/2014/04/20/news/companies/general-mills-backlash/

By Gregory Wallace @gregorywallace
April 20, 2014: 1:48 PM ET

Last week, the company posted new legal terms to its website that some read as eliminating customers' right to sue the company.

General Mills (GIS, Fortune 500) explained the terms as requiring "all disputes related to the purchase or use of any General Mills product or service to be resolved through binding arbitration."

So on Saturday, the company noted outrage over the change and announced it was voiding those terms. But it stood by the decision and defended arbitration as cost-effective and common in the corporate world.

General Mills brands include popular cereals like Cheerios and Wheaties, baking products like Betty Crocker and Pillsbury, and other food lines like Progresso soups and Häagen-Dazs ice cream.

The legal terms change was first reported by the New York Times.

Virtually every major company has legal terms or terms of service to which customers consent when they make a purchase or provide personal information. Some include an agreement that disputes and any damages be settled by an arbitrator, rather than a judge or jury.

Consumer advocates say arbitration is generally business-friendly and eliminates customer protections like class-action lawsuits.

The controversy over the General Mills terms arose from a conception that it applied very broadly -- including interactions on social media where, for example, the company may provide coupons. If the customer accepted the coupon, he may agree to the terms without knowing it.
Before it canceled the terms, General Mills said that was a "mischaracterization."

"No one is precluded from suing us by purchasing our products at a store, and no one is precluded from suing us when they 'like' one of our Facebook pages," spokeswoman Kirstie Foster wrote in a blog post.

The company stood by that position when it changed course over the weekend.

"Those terms - and our intentions - were widely misread, causing concern among consumers," Foster wrote. "So we've reverted back to our prior terms. There's no mention of arbitration, and the arbitration provisions we had posted were never enforced. ...

"We'll just add that we never imagined this reaction," Foster continued. "We're sorry we even started down this path."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 20 20:49:26 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Apr 2014 21:49:26 -0400
Subject: [Infowarrior] - FT: Washington on back foot in web negotiations
Message-ID: <765B0862-4B80-4EF4-89D4-1081B189CEE5@infowarrior.org>

Washington on back foot in web negotiations

By Richard Waters in San Francisco

http://www.ft.com/cms/s/0/4529516c-c713-11e3-889e-00144feabdc0.html

A meeting in Brazil this week will reveal whether Washington has succeeded in preventing international anger over the Edward Snowden revelations clouding discussions about future governance of the internet.

São Paulo is to host a two-day international meeting, starting on Wednesday, called by Brazilian president Dilma Rousseff, one of the international leaders who was a target of US surveillance.

International unrest over US and British internet surveillance has weakened Washington's ability to shape the debate about the internet's future, according to people involved in the process.

"The US has lost the moral authority to talk about a free and open internet," said a former senior US government official.
The São Paulo meeting had the potential to become deeply political and expose rifts between countries over future control of the internet, said Greg Shatan, a partner at law firm Reed Smith in Washington. "It was called under extraordinary circumstances, it's a reaction to a perceived crisis," he said.

The US made a highly symbolic gesture last month in an attempt to defuse the situation. In a move that had long been urged by Brussels, Washington said it planned to give up its last remaining direct role in controlling the internet. This involves checking the accuracy of changes to internet addressing made by ICANN, the international body that oversees the system. Though a limited and highly technical function, this has long been a focus for international discontent at US influence over the internet.

Even with the proposal to end its direct involvement, Washington still regards itself as an important guarantor of the internet naming system, which is key to maintaining a single, unified internet.

"It's not as though we're closing up shop and saying we're done here," Lawrence Strickling, an assistant secretary at the Department of Commerce, said this month.

Yet the offer to end the formal US link has stirred up wider questions about control of the internet, as Mr Strickling himself admitted.

Fadi Chehadé, president of ICANN, said after symbolic US control had been removed, it had to "be replaced with clear strengths and clear safeguards" to ensure the continued openness of the system.

This has thrust the unusual international arrangements for governing the internet into the spotlight while they are still being debated.

"We're really setting up a non-statebound system of international governance, there isn't anything like it," said Milton Mueller, a professor at Syracuse University. At stake were the "long-term evolution of institutions and the establishment of certain norms" that would shape the medium's future, he added --
a delicate process that could be knocked off course by the tensions stirred up by the Snowden leaks.

Political pressures are becoming evident. Republicans in Washington have raised the stakes by denouncing the White House's proposal to step back from its formal role in ICANN, arguing that this risked handing control of the internet to repressive governments.

Administration officials said this overstated the significance of what was a purely technical proposal. The officials also said they would only give up the address-checking function if an alternative were found that was completely free of government influence.

"Governments can no more take over ICANN than Google can take over ICANN," Mr Strickling said.

Yet keeping undue government influence out of the internet as US authority recedes will be hard to maintain.

The US, along with countries in Europe, has backed a system that balances the influence of a number of interest groups: governments, companies, bodies representing civil society and the engineers who maintain the standards and protocols on which the internet relies.

The São Paulo meeting will serve to show whether progress towards this so-called "multi-stakeholder" approach is at risk from the fallout from the Snowden leaks.

There are signs that governments might see themselves as "more equal than others", Mr Shatan said. Government representatives would have half the key seats at the meeting and carefully worded communiqués before the event pointed to a debate about how far their role should extend, he added.

The São Paulo meeting is likely to set the tone for international discussions on internet governance, culminating at a meeting in October of the International Telecommunications Union, an arm of the UN. The ITU took a stab at exerting more control over the internet at a divisive meeting in Dubai in 2012, prompting a US walkout.
With its moral authority waning because of the surveillance scandal, Washington's hopes of holding together what it sees as a coalition of right-thinking nations dedicated to the openness of the internet could soon be in for a more severe test.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 21 12:00:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Apr 2014 13:00:09 -0400
Subject: [Infowarrior] - IC Directive Bars Unauthorized Contacts with News Media
Message-ID:

Intelligence Directive Bars Unauthorized Contacts with News Media

http://blogs.fas.org/secrecy/?p=10155

The Director of National Intelligence has forbidden most intelligence community employees from discussing "intelligence-related information" with a reporter unless they have specific authorization to do so, according to an Intelligence Community Directive that was issued last month.

"IC employees... must obtain authorization for contacts with the media" on intelligence-related matters, and "must also report... unplanned or unintentional contact with the media on covered matters," the Directive stated.

The new Directive reflects -- and escalates -- tensions between the government and the press over leaks of classified information. It is intended "to mitigate risks of unauthorized disclosures of intelligence-related matters that may result from such contacts." See Intelligence Community Directive 119, Media Contacts, March 20, 2014.

Significantly, however, the new prohibition does not distinguish between classified and unclassified intelligence information. The "covered matters" that require prior authorization before an employee may discuss them with a reporter extend to any topic that is "related" to intelligence, irrespective of its classification status.
The Directive prohibits unauthorized "contact with the media about intelligence-related information, including intelligence sources, methods, activities, and judgments (hereafter, 'covered matters')."

If an employee's contact with the media involves an unauthorized disclosure of classified information, then he could be subject to criminal prosecution. But even if classified information were not communicated to the reporter, the Directive indicates, violation of the new policy "at a minimum... will be handled in the same manner as a security violation."

"IC employees who are found to be in violation of this IC policy may be subject to administrative actions that may include revocation of security clearance or termination of employment," the Directive states.

The new Directive creates an anomalous situation in which routine interactions that are permissible between an intelligence employee and an ordinary member of the public are now to be prohibited if that member of the public qualifies as "media."

So under most circumstances, an intelligence community employee is at liberty to discuss unclassified "intelligence-related information" with his or her next-door neighbor. But if the neighbor happened to be a member of the media, then the contact would be prohibited altogether without prior authorization.

Meanwhile, the Directive defines membership in "the media" expansively. It is not necessary to be a credentialed reporter for an established news organization. It is sufficient to be "any person... engaged in the collection, production, or dissemination to the public of information in any form related to topics of national security...."

Moreover, even approved contacts are to be formally documented for future review. "IC elements should ensure their records on media contacts are sufficient to support executive and legislative branch oversight requirements."
Essentially, the Directive seeks to ensure that the only contacts that occur between intelligence community employees and the press are those that have been approved in advance. Henceforward, the only news about intelligence is to be authorized news.

The IC policy bears some resemblance to a proposal that was advanced by the Senate Intelligence Committee in 2012, and then withdrawn in response to widespread criticism. The Senate's initial version of the FY2012 intelligence authorization act (Section 506) would have required that only specifically designated officials would be permitted to provide "background or off-the-record information regarding intelligence activities to the media."

That provision would "lead to a less-informed debate on national security issues, by prohibiting nearly all intelligence agency employees from providing briefings to the press, unless those employees give their names and provide the briefing on the record," said Sen. Ron Wyden at the time.

"I haven't seen any evidence that prohibiting the intelligence agencies from providing these briefings would benefit national security in any way, so I see no reason to limit the flow of information in this manner," he said then.

Likewise, there is no particular reason to think that routine interactions between intelligence agency employees and reporters -- especially on unclassified matters -- pose any kind of threat to national security, or that limiting them will offer any benefit.

However, the new policy is likely to be effective in reducing the quality, independence and critical content of intelligence-related information that is available to the press and the public.

"I think we are going to make headway over the next few weeks on media leaks," said outgoing National Security Agency Director Gen. Keith Alexander at an event on March 4. At the time, it was unclear what he was referring to, but he might have had the March 20 Intelligence Community Directive 119 in mind.
The post Intelligence Directive Bars Unauthorized Contacts with News Media appears on Secrecy News from the FAS Project on Government Secrecy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 21 12:05:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Apr 2014 13:05:22 -0400
Subject: [Infowarrior] - Homeland Security Adviser Warns Parents That Their Mouthy Kids May Grow Up To Be Terrorists
Message-ID: <3AB02D66-01B6-430D-9FA3-918E9795CF70@infowarrior.org>

Counterterrorism Chief: Parents Should Watch For 'Sudden Personality Changes' In Children

April 18, 2014 10:53 AM

http://washington.cbslocal.com/2014/04/18/counterterrorism-chief-parents-should-watch-for-sudden-personality-changes-in-children/

Cambridge, Mass. (CBS DC) -- Delivering a speech at Harvard University's John F. Kennedy School of Government on Tuesday, White House Homeland Security and Counterterrorism Adviser Lisa Monaco said that local communities have to be aware of terrorist threats where the government cannot, noting that parents should watch for "sudden personality changes in their children at home."

In the speech at the Harvard Kennedy School Forum entitled, "Countering Violent Extremism and the Power of Community," Monaco made mention of the Boston Marathon bombings anniversary and the Kansas shootings at Jewish community complexes.

"President Obama has been laser-focused on making sure we use all the elements of our national power to protect Americans, including developing the first government-wide strategy to prevent violent extremism in the United States," said Monaco, in a transcript made available by the White House. "At the same time, we recognize that there are limits to what the federal government can do."

Monaco continued, saying that local communities have to share some responsibility in awareness of possible terrorist threats within the U.S.
"Local communities are the most powerful asset we have in the struggle against violence and violent extremism," said Monaco. "We've crunched the data on this. In the more than 80 percent of cases involving homegrown violent extremists, people in the community -- whether peers or family members or authority figures or even strangers -- had observed warning signs a person was becoming radicalized to violence."

Monaco said that many of these warning signs are ignored, and that local communities and parents should be more wary of problems developing domestically. She listed a series of behaviors that may indicate a growing threat.

"Parents might see sudden personality changes in their children at home -- becoming confrontational. Religious leaders might notice unexpected clashes over ideological differences. Teachers might hear a student expressing an interest in traveling to a conflict zone overseas. Or friends might notice a new interest in watching or sharing violent material."

"The government is rarely in position to observe these early signals, so we need to do more to help communities understand the warning signs, and then work together to intervene before an incident can occur."

Monaco said that in addition to citizen alertness, the Department of Homeland Security is increasing its partnerships across the country and making hundreds of millions of dollars in grant money available annually to local law enforcement to help improve anti-terrorism security at the municipal and county level.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 21 15:27:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Apr 2014 16:27:03 -0400
Subject: [Infowarrior] - DNI asks students to not consider Snowden a hero
Message-ID:

James Clapper Giving Speeches To Students, Begging Them To Stop Thinking Of Ed Snowden As A Hero

http://www.techdirt.com/articles/20140419/07565426966/james-clapper-giving-speeches-to-students-begging-them-to-stop-thinking-ed-snowden-as-hero.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 21 17:28:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Apr 2014 18:28:45 -0400
Subject: [Infowarrior] - DSL router patch merely hides backdoor instead of closing it
Message-ID:

Easter egg: DSL router patch merely hides backdoor instead of closing it

Researcher finds secret "knock" opens admin for some Linksys, Netgear routers.

by Sean Gallagher - Apr 21 2014, 5:33pm EDT

http://arstechnica.com/security/2014/04/easter-egg-dsl-router-patch-merely-hides-backdoor-instead-of-closing-it/

Just what you wanted for Easter: a re-gifted backdoor from Christmas.
http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn't actually get rid of the backdoor -- it just conceals it. And the nature of the "fix" suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.
Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

However, that new firmware apparently only hid the backdoor rather than closing it. In a PowerPoint narrative posted on April 18, Vanderbecken disclosed that the "fixed" code concealed the same communications port he had originally found (port 32764) until a remote user employed a secret "knock" -- sending a specially crafted network packet that reactivates the backdoor interface.

The packet structure used to open the backdoor, Vanderbecken said, is the same used by "an old Sercomm update tool" -- a packet also used in code by Wilmer van der Gaast to "rootkit" another Netgear router. The packet's payload, in the version of the backdoor discovered by Vanderbecken in the firmware posted by Netgear, is an MD5 hash of the router's model number (DGN1000).

The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbecken asserted in his presentation.

There are some limitations to the use of the backdoor.
Because of the format of the packets -- raw Ethernet packets, not Internet Protocol packets -- they would need to be sent from within the local wireless LAN, or from the Internet service provider's equipment. But they could be sent out from an ISP as a broadcast, essentially re-opening the backdoor on any customer's router that had been patched.

Once the backdoor is switched back on, it listens for TCP/IP traffic just as the original firmware did, giving "root shell" access -- allowing anyone to send commands to the router, including getting a "dump" of its entire configuration. It also allows a remote user to access features of the hardware -- such as blinking the router's lights.

Just how widely the old, new backdoor has been spread is unknown. Vanderbecken said that because each version of the firmware is customized to the manufacturer and model number, the checksum fingerprints for each will be different. While he's provided a proof-of-concept attack for the DGN1000, the only way to find the vulnerability would be to extract the filesystem of the firmware and search for the code that listens for the packet, called "ft_tool", or the command to reactivate the backdoor (scfgmgr -f).

We attempted to reach Sercomm and Netgear for comment on the backdoor. Sercomm did not respond, and a Netgear spokesperson could not yet comment on the vulnerability. Ars will update this story as more details are made available by the device manufacturers.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 22 06:06:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Apr 2014 07:06:52 -0400
Subject: [Infowarrior] - Record Labels: Used MP3s Too Good and Convenient to Resell
Message-ID: <3E3258ED-A4F3-43BE-8E80-24001B37FB98@infowarrior.org>

Record Labels: Used MP3s Too Good and Convenient to Resell

By Ernesto
on April 22, 2014

http://torrentfreak.com/record-labels-used-mp3s-too-good-and-convenient-to-resell-140422/

Responding to a consultation of the EU Commission, various music industry groups are warning against a right for consumers to sell their MP3s. IFPI notes that people should be barred from selling their digital purchases because it's too convenient, while the quality of digital copies remains top-notch. Interestingly, the UK Government opposes this stance with a rather progressive view.

To gather the opinions of the public and other stakeholders on copyright reform, the EU Commission launched a consultation a few months ago. The call resulted in hundreds of submissions, which were made public recently.

One of the topics being covered is the issue of "digital resales." In other words, whether consumers should be allowed to sell digital music files, videos and software they purchased previously.

In the United States the ReDigi case has been the center of this debate, with a federal court ruling in favor of Capitol Records last year. In the EU, however, the Court of Justice previously ruled that consumers are free to resell games and software, even when there's no physical copy.

In the submissions to the EU Commission consultation numerous parties weigh in on the subject. Interestingly, the UK Government takes a rather progressive stance by stating that people should be allowed to sell "used" tracks bought in the iTunes store, or used videos they've downloaded from Amazon.

"As regards the resale of copies, the UK notes that traditional secondary markets for goods can encourage both initial purchase and adoption of technologies, and the prospect of sale on the secondary market may be factored in to an initial decision to buy and to market prices," the UK response reads.

"There seems to be no reason why this should not be the case for digital copies, except for the 'forward and delete' issue noted by the consultation," it adds.
In other words, according to the UK Government people have the right to sell any digital files they have bought, as long as the original copy is deleted. This stands in sharp contrast to the various record label groups who warn that digital resales may crush the industry.

IFPI, for example, notes in its submission that allowing digital resales would hurt the entire music industry, and threaten the livelihoods of many artists.

"In the recorded music sector, the consequences of enabling the resale of digital content would have very harmful consequences for the entire music market," IFPI writes.

"The notion that the exhaustion principle should apply to copies acquired by means of digital transmissions in the same way that it applies to physical copies ignores the many differences between the two kinds of copies and between the two distribution processes," the music group adds.

IFPI signals three main differences between digital and physical distribution that warrant a ban on digital resales. According to them, physical music is different because:

- the quality of these deteriorates with time, and often due to wear and tear or mishandling
- purchasing an item at a used record store requires traveling to the store and searching for a copy of the phonograph record
- the resale only concerns the original recording, not copies of that recording

In other words, people shouldn't be allowed to resell digital music because it's too convenient, and because the copies don't lose their quality.

While it's no surprise that the labels are against digital resales, these arguments do raise some eyebrows. After all, there are also many physical products that are easy to ship and keep their value over time, which are perfectly fine to resell.

IFPI is not alone in their restrictive view on selling used digital files. The UK-based music group BPI also submitted a response to the consultation, using similar arguments, as did individual labels such as Universal Music and Sony Music.
"The consequences of allowing resale of previously purchased digital content would be devastating to the music industry. It would compete directly with the sale of original digital files as they would be entirely substitutional," Universal notes, for example.

It is now up to the EU Commission to sift through all the submissions to see what the ideas of various stakeholders and the public are on the matter, and how this should impact future legislation.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 23 08:14:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Apr 2014 09:14:34 -0400
Subject: [Infowarrior] - NIST removes (NSA-compromised) Dual_EC_DRBG from recommendations
Message-ID:

NIST Removes Cryptography Algorithm from Random Number Generator Recommendations

From NIST Tech Beat: April 21, 2014
Contact: Jennifer Huergo 301-975-6343

http://www.nist.gov/itl/csd/sp800-90-042114.cfm

Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators. Before implementing the change, NIST is requesting final public comments on the revised document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev. 1).

The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data. It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible.

In September 2013, news reports prompted public concern about the trustworthiness of Dual_EC_DRBG.
As a result, NIST immediately recommended against the use of the algorithm and reissued SP 800-90A for public comment.

Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys. Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document.

The revised SP 800-90A is available at http://csrc.nist.gov/news_events/index.html#apr21 along with instructions for submitting comments. The public comment period closes on May 23, 2014. NIST will take those comments into consideration in making any revisions to SP 800-90A.

NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm and not wait for further revision of the Rev. 1 document.

NIST advises federal agencies and other buyers of cryptographic products to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and if so, to ask their vendors to reconfigure those products to use alternative algorithms.

A list of cryptographic modules that include Dual_EC_DRBG can be found at http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html. Most of these modules implement more than one random number generator. In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default. If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm.
Draft versions of related guidance, 800-90 B: Recommendation for the Entropy Sources Used for Random Bit Generation and 800-90 C: Recommendation for Random Bit Generator (RBG) Constructions, were also released for comment in September 2013 and are still under development.

The concerns raised over the development of SP 800-90 and the inclusion of Dual_EC_DRBG prompted NIST to review its cryptographic standards development process. In February 2014, NIST released NIST IR7977: DRAFT NIST Cryptographic Standards and Guidelines Development Process for public comment. The public comment period on NIST IR 7977 closed on April 18, 2014. NIST's primary federal advisory committee, the Visiting Committee on Advanced Technology, has also been asked to review NIST's cryptographic standards process, and the committee plans to produce a public report of its findings and recommendations.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 24 00:06:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Apr 2014 01:06:56 -0400
Subject: [Infowarrior] - FCC planning to gut Net Neutrality
Message-ID:

FCC planning new Internet rules that will gut Net Neutrality. Get ready to pay more for the stuff you love online.

http://boingboing.net/2014/04/23/fcc-planning-new-internet-rule.html#more-299101

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Apr 24 00:10:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Apr 2014 01:10:14 -0400
Subject: [Infowarrior] - FCC: "No, we're not gutting net neutrality"
Message-ID: <1FE8B8EE-C2DB-44EF-BADA-7EC22F974903@infowarrior.org>

FCC chairman says reports of net neutrality's death are 'flat out wrong'

By Sean Hollister on April 23, 2014 10:42 pm
@StarFire2258

http://www.theverge.com/2014/4/23/5645984/fcc-chairman-says-reports-of-net-neutralitys-death-are-flat-out-wrong

Tomorrow, the Federal Communications Commission will propose new net neutrality rules that will reportedly destroy the concept of net neutrality as we know it, making it okay for internet service providers to establish a "fast lane" for preferred customers and charge an additional toll. Needless to say, those who care about net neutrality weren't too happy to hear that an organization that is supposed to protect communications might sell out to corporate interests. However, Federal Communications Commission chairman Tom Wheeler, a former cable industry lobbyist, says that there has been "no turnaround in policy," and calls those reports "flat out wrong."

Here's the FCC chairman's full statement:

"There are reports that the FCC is gutting the Open Internet rule. They are flat out wrong. Tomorrow we will circulate to the Commission a new Open Internet proposal that will restore the concepts of net neutrality consistent with the court's ruling in January. There is no 'turnaround in policy.' The same rules will apply to all Internet content. As with the original Open Internet rules, and consistent with the court's decision, behavior that harms consumers or competition will not be permitted."

The FCC's position is that it is merely trying to defend net neutrality by keeping internet service providers from blocking legal traffic outright, and keeping them from unreasonably discriminating against traffic they'd rather not serve --
just as it set out to do with its original Open Internet Rules in 2010 -- only this time in a way that will hold up in court, because a court struck down those original rules in January.

The problem, which Wheeler's statement doesn't refute, is that the FCC intends to say that it's okay to discriminate against traffic if content providers don't pay the ISPs a "commercially reasonable" fee. While the FCC chairman says that "behavior that harms consumers or competition will not be permitted," any fee might risk harming both, even if it's tiny. Today, when anyone can create software and internet services on their own personal computer, any additional barrier to entry can theoretically harm competition.

What's more, the mere existence of a standard that allows discrimination, by definition, violates the idea of net neutrality. Net neutrality is an absolute concept that all traffic should be treated equally.

It's possible, though, that Wheeler is using semantics here to make the new rules sound like less of a big deal. You'll note that he doesn't say that the FCC isn't gutting net neutrality, only that it isn't gutting the Open Internet rules. Net neutrality may be at stake after all, and we'll find out soon. According to the FCC, the organization will publish its Notice of Proposed Rulemaking tomorrow.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 24 00:15:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Apr 2014 01:15:36 -0400
Subject: [Infowarrior] - F.B.I. Informant Is Tied to Cyberattacks Abroad
Message-ID: <0A9D8C18-D014-4417-B9B6-B1880CC96D67@infowarrior.org>

F.B.I. Informant Is Tied to Cyberattacks Abroad

By MARK MAZZETTI
APRIL 23, 2014

http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html

WASHINGTON -- An informant working for the F.B.I.
coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks. Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data – from bank records to login information – from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements. The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms. The attacks were coordinated by Hector Xavier Monsegur, who used the Internet alias Sabu and became a prominent hacker within Anonymous for a string of attacks on high-profile targets, including PayPal and MasterCard. By early 2012, Mr. Monsegur of New York had been arrested by the F.B.I. and had already spent months working to help the bureau identify other members of Anonymous, according to previously disclosed court papers. One of them was Jeremy Hammond, then 27, who, like Mr. Monsegur, had joined a splinter hacking group from Anonymous called Antisec. The two men had worked together in December 2011 to sabotage the computer servers of Stratfor Global Intelligence, a private intelligence firm based in Austin, Tex. Shortly after the Stratfor incident, Mr. Monsegur, 30, began supplying Mr. Hammond with lists of foreign websites that might be vulnerable to sabotage, according to Mr. Hammond, in an interview, and chat logs between the two men.
The New York Times petitioned the court last year to have those documents unredacted, and they were submitted to the court last week with some of the redactions removed. "After Stratfor, it was pretty much out of control in terms of targets we had access to," Mr. Hammond said during an interview this month at a federal prison in Kentucky, where he is serving a 10-year sentence after pleading guilty to the Stratfor operation and other computer attacks inside the United States. He has not been charged with any crimes in connection with the hacks against foreign countries. Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents. But according to an uncensored version of a court statement by Mr. Hammond, leaked online the day of his sentencing in November, the target list was extensive and included more than 2,000 Internet domains. The document said Mr. Monsegur had directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, like those of the Polish Embassy in Britain and the Ministry of Electricity in Iraq. An F.B.I. spokeswoman declined to comment, as did lawyers for Mr. Monsegur and Mr. Hammond. The hacking campaign appears to offer further evidence that the American government has exploited major flaws in Internet security – so-called zero-day vulnerabilities like the recent Heartbleed bug – for intelligence purposes. Recently, the Obama administration decided it would be more forthcoming in revealing the flaws to industry, rather than stockpiling them until the day they are useful for surveillance or cyberattacks. But it carved a broad exception for national security and law enforcement operations.

< - >

http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 24 11:12:43 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Apr 2014 12:12:43 -0400
Subject: [Infowarrior] - New law restricts rights of Russian bloggers
Message-ID: <250B9EB0-C883-47C6-B99D-53428587FE22@infowarrior.org>

New law restricts rights of Russian bloggers
April 22, 18:06 UTC+4
ITAR-TASS/Artyom Starikov
http://en.itar-tass.com/opinions/1750

MOSCOW, April 22. /ITAR-TASS/. Russia's popular bloggers will now have to brace for considerable restrictions of their rights. The State Duma has just adopted a law introducing new rules they will have to abide by. The document incorporates a package of bills for effective struggle against terrorism and extremism. Earlier, the bill drew a mixed response from society, including sharp criticism from human rights activists. The law introduces a new term: "Internet user called blogger." Bloggers will be obliged to declare their family name and initials and e-mail address. Those authors whose personal website or page in social networks has 3,000 visitors or more a day must have themselves registered on a special list and abide by restrictions applicable to the mass media. In other words, registration requires the blogger should check the authenticity of published information and also mention age restrictions for users. Also, bloggers will have to follow mass media laws concerning electioneering, resistance to extremism and the publication of information about people's private lives. An abuse of these requirements will be punishable with a fine of 10,000 to 30,000 roubles (roughly 300 dollars to 1,000 dollars) for individuals and 300,000 roubles (10,000 roubles) for legal entities. A second violation will be punishable with the website's suspension for one month.
Many observers have arrived at the conclusion that the document in fact treats bloggers as mass media from the standpoint of obligations, but grants them no corresponding rights. The heads of State Duma committees deny this, though. "The media argue that under this law bloggers have been declared as a variety of mass media. This is not so," says the chairman of the State Duma's information policies committee, Aleksei Mitrofanov. "Under that law special legal regulation for bloggers is to be introduced," he said. "It is the other way round, bloggers who have been registered as an online publication are not subject to the operation of that law." Nevertheless, back during the discussion phase the bill came under strong criticism from society. In particular, a majority of members of the presidential council for civil society and human rights came out against its adoption in the present shape. HRC Chairman Mikhail Fedotov said the bill contradicted the existing law on the mass media. Presidential human rights ombudsman Ella Pamfilova said that the introduction of extra restrictions would merely induce attempts to sidestep them and "hinder the emergence of law abidance in young people's minds." She warns that the bill has very big chances of being taken before a Constitutional Court. The bill is half-baked and leaves many legal loopholes unplugged. For instance, it is unclear what is to be done to foreign bloggers, says HRC member Ilya Shablinsky. "The real purpose of the bill is to prevent any criticism of the authorities," he speculates. Any protective barriers are not only counter-productive, but just useless in the global network, which is a trans-border resource providing anonymity, the daily Novyie Izvestia quotes HRC member Aleksandr Verkhovsky as saying. "The problem is there is a certain reflex at work here. Everything that looks dangerous should be banned. However, if the state begins to black out information, it will be doomed to fail.
It will merely and to annoy one and all." Assistant lecturer at the international law chair of the department of law at the Russian Presidential Academy of the Economy and Civil Service, internet technologies specialist Madina Kasenova in an interview to Itar-Tass has described the law on bloggers as "legally redundant". She said it would be very wrong to apply the same standards to all Internet users and Internet resources. "If one legal norm is applied to this diversity, then the law will either not work at all, or work only when somebody will benefit from it," the analyst said. In her opinion the flaws in the existing legislation are largely a result of lawmakers' haste. "What we observe is not a very good tendency – there is no correlation between different laws," she said.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 24 16:32:23 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Apr 2014 17:32:23 -0400
Subject: [Infowarrior] - Lawsuit Claims FBI Used No Fly List To Pressure Muslims Into Becoming Informants
Message-ID: <31A44BD9-B597-460B-AF1A-0CDF34F02E49@infowarrior.org>

Lawsuit Claims FBI Used No Fly List To Pressure Muslims Into Becoming Informants
http://www.techdirt.com/articles/20140423/06225826996/new-lawsuit-claims-fbi-used-no-fly-list-to-pressure-muslims-into-becoming-informants.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 25 06:24:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Apr 2014 07:24:04 -0400
Subject: [Infowarrior] - (privacy) Verizon cell customers - READ
Message-ID:

Verizon Wireless sells out customers with creepy new tactic
The carrier will monitor not just your wireless activities but also what you do on your wired or Wi-Fi-connected computers, then share that data with marketers.
By David Lazarus April 24, 2014, 7:04 p.m.
http://www.latimes.com/business/la-fi-lazarus-20140425,0,5339459,full.column

As far as corporate notices go, they don't get much creepier than this recent alert from Verizon Wireless. The company says it's "enhancing" its Relevant Mobile Advertising program, which it uses to collect data on customers' online habits so that marketers can pitch stuff at them with greater precision. "In addition to the customer information that's currently part of the program, we will soon use an anonymous, unique identifier we create when you register on our websites," Verizon Wireless is telling customers. "This identifier may allow an advertiser to use information they have about your visits to websites from your desktop computer to deliver marketing messages to mobile devices on our network," it says. That means exactly what it looks like: Verizon will monitor not just your wireless activities but also what you do on your wired or Wi-Fi-connected laptop or desktop computer – even if your computer doesn't have a Verizon connection. The company will then share that additional data with marketers. Joanne Schwartz, 65, of Tustin received the Verizon Wireless notice last week. "Verizon makes it seem like they are doing us a great favor," she told me. But what the company is really doing, she said, is collecting data on her whole family's computer usage and sharing it with its business partners. Schwartz's verdict: "Horrible." Even worse, Verizon is enrolling customers in the "enhanced" program by automatically downloading software into their computers, which customers may not even know is happening. If Verizon Wireless customers want to keep their computers off-limits to the company's marketing affiliates, they'd have to go to the trouble of opting out. This is one of the more outrageous examples of how businesses loudly proclaim their commitment to safeguarding consumers' privacy while quietly selling us out to the highest bidder.
"The holy grail for profiling people is to follow them from one device to another," said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego. "We're going to see more and more of this." I wrote last week about how Verizon and AT&T slap customers with hefty monthly fees if they want an unlisted phone number. Call it a privacy premium. What Verizon Wireless is doing with targeted ads is basically what Google, Yahoo and most other big Internet companies do – leveraging data about your cyber-behavior to boost marketing money. But here's the thing: Google and Yahoo offer lots of cool free services, such as Gmail and Yahoo Finance. Their aggressive data collection is how they help subsidize these offerings. In Verizon Wireless' case, customers pay them upfront for the services they receive. Thus, any additional revenue the company can pocket from data collection is above and beyond what it's already earning. Since Verizon Wireless clearly isn't offering its service at a loss, this extra cash is nothing but gravy. Customers may be hard-pressed to understand fully what's going on with the "enhanced" program. The Verizon Wireless notice is decidedly short on details. Debra Lewis, a Verizon Wireless spokeswoman, explained to me that when a customer registers on the company's "My Verizon" website to see a bill or watch TV online, a "cookie," or tracking software, is downloaded onto the customer's home computer. Most cookies are benign, allowing websites to provide better service to frequent visitors. Verizon Wireless' cookie allows a data-collection company working on Verizon's behalf – Lewis declined to name which one – to gather information on which sites you visit after you leave "My Verizon."
That information is "anonymized," Lewis said, to mask the Verizon customer's identity and is then shared with marketers, which can use the info to provide ads on the customer's Verizon Wireless device that match his or her home-computer interests. So, by way of example, let's say you enjoy watching videos on the Victoria's Secret website on your personal computer in the privacy of your home. You shouldn't be surprised if ads for women's undergarments start appearing on your Verizon Wireless mobile device. "I don't fully understand the technology," said Stephens at the Privacy Rights Clearinghouse. "But it apparently works and it's extremely valuable to marketers." Lewis, at Verizon Wireless, didn't fully understand the technology either. She acknowledged that a customer's mobile number has to be known to marketers so they can target ads to that specific user, but insisted that the information collected from home computers remains anonymous. Lewis also acknowledged that no explicit notice is given when the cookie is installed on people's home computers from the "My Verizon" site, although there's a link in the site's "notification center" to more information on the enhanced Relevant Mobile Advertising program. Because no notice is given at the time the cookie is downloaded, it would obviously be up to individual Verizon Wireless customers to learn what's happening and then find the appropriate page on Verizon Wireless' website to opt out of the company's surveillance. AT&T and T-Mobile both said they don't have similar programs. An email to Sprint went unanswered. I asked Lewis whether she thought Verizon Wireless' actions were a tad, shall we say, intrusive. She said no. "Some people may want to see advertising that's more relevant," Lewis said. "There's potential benefit for marketers and potential benefit for consumers." If you don't see things the same way, you may want to adjust your browser's privacy settings to restrict access to third-party cookies.
That's not a surefire way to thwart the efforts of too-nosy companies like Verizon Wireless, but it's a start. David Lazarus' column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to david.lazarus at latimes.com. Copyright © 2014, Los Angeles Times

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 25 06:28:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Apr 2014 07:28:12 -0400
Subject: [Infowarrior] - Low-level federal judges balking at law enforcement requests for electronic evidence
Message-ID:

Low-level federal judges balking at law enforcement requests for electronic evidence
By Ann E. Marimow and Craig Timberg

Judges at the lowest levels of the federal judiciary are balking at sweeping requests by law enforcement officials for cellphone and other sensitive personal data, declaring the demands overly broad and at odds with basic constitutional rights. This rising assertiveness by magistrate judges – the worker bees of the federal court system – has produced rulings that elate civil libertarians and frustrate investigators, forcing them to meet or challenge tighter rules for collecting electronic evidence. Among the most aggressive opinions have come from D.C. Magistrate Judge John M. Facciola, a bow-tied court veteran who in recent months has blocked wide-ranging access to the Facebook page of Navy Yard shooter Aaron Alexis and the iPhone of the Georgetown University student accused of making ricin in his dorm room. In another case, he deemed a law enforcement request for the entire contents of an e-mail account "repugnant" to the U.S. Constitution. For these and other cases, Facciola has demanded more focused searches and insisted that authorities delete collected data that prove unrelated to a current investigation rather than keep them on file for unspecified future use.
He also has taken the unusual step, for a magistrate judge, of issuing a series of formal, written opinions that detail his concerns, even about previously secret government investigations. "For the sixth time," Facciola wrote testily, using italics in a ruling this month, "this Court must be clear: if the government seizes data it knows is outside the scope of the warrant, it must either destroy the data or return it. It cannot simply keep it." The Justice Department declined to comment for this article, although it said in an appeal to a Facciola ruling this week that his position was "unreasonable," out of step with other judges and would slow searches of the e-mails of criminal suspects "to a snail's pace." Facciola, 68, a former state and federal prosecutor known as "Fatch" around the limestone E. Barrett Prettyman Federal Courthouse a block from the Mall, remains an outlier among the 500-plus federal magistrates nationwide, say legal experts. Yet he is part of a small but growing faction, including judges in Texas, Kansas, New York and Pennsylvania, who have penned decisions seeking to check the reach of federal law enforcement power in the digital world. Although some rulings were overturned, they have shaped when and how investigators can seize information detailing the locations, communications and online histories of Americans. "There's a newfound liberation to scrutinize more carefully," said Albert Gidari Jr., a partner at Perkins Coie who represents technology and telecommunications companies. "They also don't want to be the ones who approve an order that later becomes public and embarrassing. . . . Nobody likes to be characterized as a rubber stamp."

"Magistrates' Revolt"

The seeds of what legal observers have dubbed "the Magistrates' Revolt" date back several years, but it has gained power amid mounting public anger about government surveillance capabilities revealed by former National Security Agency contractor Edward Snowden.
Judges have been especially sensitive to backlash over the Foreign Intelligence Surveillance Court, which made secret rulings key to the growth of the surveillance programs. Central to the cases before magistrate judges has been the Fourth Amendment's prohibition of unreasonable search and seizure. Inspired by the Founding Fathers' unhappy memories of the aggressive tactics by British soldiers, it has been continually reinterpreted through more than two centuries of technological change. Such issues are increasingly urgent in an era when a typical smartphone carries video clips, e-mails, documents, location information and enough detail on a user's communications to allow authorities to map out a nearly complete universe of personal relationships. The Supreme Court plans to hear two cases next week on issues related to how police search cellphones after arrests. Magistrate judges, who do much of the routine work of the criminal justice system, influence each other through conversations at judicial conferences and through the federal e-mail system, which allows any magistrate judge to query all others on a vexing legal question with a single click of the mouse. Published opinions by magistrates are relatively rare, making it hard to track shifting attitudes toward government data requests. But legal experts say the overall level of skepticism from magistrates is on the rise. "In talking to magistrate judges, they are saying, 'I'm not writing anything. I'm just saying no,'" said Brian L. Owsley, a former magistrate judge now teaching at Texas Tech's law school. Magistrate Judge Stephen W. Smith, based in Houston's federal court, is often credited with touching off the insurrection among his colleagues with a 2005 ruling in which he denied a government request for real-time access to the detailed location information that cellphones emit. He ruled that requiring a telecommunications company to provide subjects'
ongoing data amounted to placing a tracking device on them – something permitted only with the issuance of a search warrant, which the government had not requested. The distinction is crucial: Search warrants require that the government show probable cause that a crime was committed and that the search will turn up evidence that helps prove the crime. Other magistrates had routinely allowed cellphone location data to be seized using court orders, which require the government to meet a less stringent standard of showing only that the information is "relevant and material" to an ongoing investigation. "We understand law enforcement has a difficult job, and we don't want to blow an investigation or tip off a suspect," said Smith, who has known Facciola for years through their shared work for an online legal journal. "On the other hand, he feels, like we all do, the special responsibility to safeguard the Fourth Amendment. . . . We are the ultimate backstop." Tackling such issues, even in the face of possible reversal by higher courts, has become something of a badge of honor among some magistrates. Judge James Orenstein of Brooklyn, a former federal prosecutor who also wrote an early, influential ruling on cellphone location data, once joked with Smith that they would soon have enough like-minded magistrates to form a bowling team, Smith recalled. That prompted Orenstein to design shirts featuring the image of a bowling ball rolling toward a cellphone and nine cell towers arranged in a triangle like a set of bowling pins. Above the image it read, "CSI: Cell Site Information." Below it read, "Bowling for Dialers." When other magistrates write opinions on the issue – regardless of which side they take in the debate – they are offered one of the shirts.

< - >

http://www.washingtonpost.com/local/crime/low-level-federal-judges-balking-at-law-enforcement-requests-for-electronic-evidence/2014/04/24/eec81748-c01b-11e3-b195-dd0c1174052c_story.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 25 12:54:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Apr 2014 13:54:07 -0400
Subject: [Infowarrior] - Clapper's Media Crackdown: Gone Too Far?
Message-ID: <49662FEE-4A4E-4D0E-91D7-D83BB8404B08@infowarrior.org>

Clapper's Media Crackdown: Gone Too Far?
http://nationalinterest.org/commentary/clappers-media-crackdown-gone-too-far-10343
Robert W. Merry | April 25, 2014

In the darkest days of the early Cold War, after the Soviet Union had busted the U.S. nuclear monopoly, syndicated columnist Stewart Alsop filed a probing article revealing what America thought it knew about the Soviets' growing nuclear stockpile. Though it generated interest around the country, it didn't cause a great stir because most Americans had assumed the Soviets were working furiously to overtake the United States in the nuclear arms race. But the column hit official Washington like a brick thrown through a stained-glass window. Federal atomic-energy officials demanded an investigation. J. Edgar Hoover's FBI jumped on it with all available force. Dozens of agents from numerous bureaus around the nation were dispatched to find the leaker. Friends, acquaintances and sources of Stewart Alsop – and of his brother Joseph, who was his column-writing partner – were interviewed; some were investigated. At one point, Hoover scribbled on an action report, "Expedite! H." Soon Capital denizens were whispering at receptions and cocktail parties about this intriguing, inside-Washington cat-and-mouse game. The leaker was never identified. The expansive investigation fizzled with an interview of the Alsop brothers by two FBI agents.
The gumshoes were very polite and businesslike, Stewart Alsop reported years later in relating the episode in a book about Washington's power matrix. They even seemed more intelligent and more widely read than he had anticipated. By the time they left, the brothers knew the case was closed. We've come a long way since that episode, which seems almost quaint in the face of what's going on in official Washington today. To protect the kinds of secrets revealed by Stewart Alsop, the intelligence establishment is seeking to wall itself off from the American people by walling itself off from the news media. That's the import of the recent directive signed by James Clapper, Director of National Intelligence, who wants to control all contact between people in the Intelligence Community and those involved in the news or information business. The directive states: "IC employees must obtain authorization for contacts with the media" on intelligence-related matters and "must also report on unplanned or unintentional contact with the media on covered matters." "Covered matters" aren't confined to classified information but rather include anything involving the intelligence activities of the country. If it is related to intelligence, it's covered. The directive defines the media in similarly broad terms, to wit: "any person ... engaged in the collection, production, or dissemination to the public of information in any form related to topics of national security." To demonstrate his seriousness, Clapper warned in his directive that violations of the new policy could result in "revocation of security clearance or termination of employment." As Secrecy News, a publication of the Federation of American Scientists, puts it, "Essentially, the Directive seeks to ensure that the only contacts that occur between intelligence community employees and the press are those that have been authorized in advance. Henceforward, the only news about intelligence is to be authorized news."
The government has a right and obligation, of course, to protect its secrets, and it is perhaps understandable in the era of Wikileaks and Edward Snowden that government officials would manifest a certain zealousness in executing that right and in pursuing that obligation. However, the ramifications of the Clapper directive are worth pondering at a time when America's security establishment is taking on more and more global activities that the American people only dimly understand – and about which they seem more and more concerned. What kind of government seeks to maintain near-total control over the news that emanates from it? Perhaps it would be alarmist to suggest such a government is heading inevitably toward increasing authoritarianism. But this is the kind of thing we see in authoritarian regimes that don't want to deal with the kinds of messy challenges that come with a free and unfettered press. What's interesting about the Stewart Alsop episode was the extent to which many of the players in the drama appreciated the presence and necessity of their civic adversaries. True, Hoover relished the idea of undermining the Alsops, largely because he felt their views on civil liberties pitted them against his cherished bureau. But generally the players on all sides appreciated the others. The brothers never questioned the government's prerogative to investigate them in the matter of this particular column. And the FBI agents on the case generally accepted the brothers' journalistic role as being part of the American fabric, and probably a necessary one. In the end, the equilibrium of this mutual appreciation proved more important than the necessity of finding the culprit (or, more likely, culprits) who leaked the information. In other words, while Stewart's scoop probably never should have materialized, the powers that be felt a certain restraint in going after that transgression. The role of the press was understood to be too vital to mess with too zealously.
They understood the American compact required them to accept a certain amount of this kind of thing, to work around it with philosophical regard. Besides, the reality that secrets could tumble out generated a certain caution and prudence in conducting the people's business, and that was considered not altogether bad. That kind of equilibrium seems hardly in evidence now, and so we have the Clapper directive. In itself, it may not signify anything ominous. But it moves the government that much closer to territory that would be truly dangerous in a society based on the idea of keeping governmental power in check. Robert W. Merry is political editor of The National Interest and the author of books on American history and foreign policy. His most recent book is Where They Stand: The American Presidents in the Eyes of Voters and Historians.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 25 13:20:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Apr 2014 14:20:58 -0400
Subject: [Infowarrior] - more on: (privacy) Verizon cell customers - READ
Message-ID: <0D3700C8-64E5-4F81-8514-544ED9F1CAC5@infowarrior.org>

From TC – and thanks for the detailed note!

"I saw this yesterday when I was checking something on my account and thought I would provide you with a bit more detail than the article below. There was a message waiting for me regarding "The Verizon Wireless Relevant Mobile Advertising program will soon help marketers provide you with ads based on information they may have about your visits to websites from your desktop computer. Learn about your choices.:" The link to the privacy choices page is nearly hidden in the text of the "Relevant Mobile Advertising Program Enhancement" page with only a slightly different color to the text. The opt-out page is at http://www.vzw.com/myprivacy.
Note that there are three opt-outs per device (one for each program): "Customer Proprietary Network Information Settings", "Business & Marketing Reports", and "Relevant Mobile Advertising". Verizon at least lets you "select all" in each category so I only had to click each "Save Changes" button once. When I followed the link to "learn more" about the "Verizon Selects" program the site informed me that I was not signed up for that program but provided a helpful button to assist me in signing up. Unfortunately, I only really have two choices of wireless carriers as far as the wireless network goes, and Verizon Wireless seems intent on losing its status as the lesser evil of the two."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 25 20:08:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Apr 2014 21:08:48 -0400
Subject: [Infowarrior] - U.S. judge rules search warrants extend to overseas email accounts
Message-ID:

(c/o Ferg)

U.S. judge rules search warrants extend to overseas email accounts
By Joseph Ax
NEW YORK Fri Apr 25, 2014 6:41pm EDT
http://www.reuters.com/article/2014/04/25/us-usa-tech-warrants-idUSBREA3O24P20140425

(Reuters) - Internet service providers must turn over customer emails and other digital content sought by U.S. government search warrants even when the information is stored overseas, a federal judge ruled on Friday. In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies. If U.S.
agencies were required to coordinate efforts with foreign governments to secure such information, Francis said, "the burden on the government would be substantial, and law enforcement efforts would be seriously impeded." The ruling underscores the debate over privacy and technology that has intensified since the disclosures by former National Security Agency contractor Edward Snowden about secret U.S. government efforts to collect huge amounts of consumer data around the world. "It showcases an increasing trend that data can be anywhere," said Orin Kerr, a law professor at George Washington University who studies computer crime law. The decision addressed a search warrant served on Microsoft for one of its customers whose emails are stored on a server in Dublin, Ireland. In a statement, Microsoft said it challenged the warrant because the U.S. government should not be able to search the content of email held overseas. "A U.S. prosecutor cannot obtain a U.S. warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States," the company said. "We think the same rules should apply in the online world, but the government disagrees." The company plans to seek review of Francis' decision from a federal district judge. Microsoft has recently emphasized to its customers abroad that their data should not be searchable by U.S. authorities and said it would fight such requests. In a company blog post in December, Microsoft's general counsel, Brad Smith, said it would "assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country." 
The search warrant in question was approved by Francis in December and sought information associated with an email account for a Microsoft customer, including the customer's name, contents of all emails received and sent by the account, online session times and durations and any credit card number or bank account used for payment. It is unclear which agency issued the warrant, and it and all related documents remain under seal. Microsoft determined that the target account is hosted on a server in Dublin and asked Francis to throw out the request, citing U.S. law that search warrants do not extend overseas. Francis agreed that this is true for "traditional" search warrants but not warrants seeking digital content, which are governed by a federal law called the Stored Communications Act. A search warrant for email information, he said, is a "hybrid" order: obtained like a search warrant but executed like a subpoena for documents. Longstanding U.S. law holds that the recipient of a subpoena must provide the information sought, no matter where it is held, he said. (Reporting by Joseph Ax; Editing by Noeleen Walder and Dan Grebler) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Apr 26 09:46:09 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Apr 2014 10:46:09 -0400 Subject: [Infowarrior] - Press freedom: USG wants it both ways Message-ID: <81F8027D-1AC9-42E2-9640-1CC15E923001@infowarrior.org> State Dept launches 'Free the Press' campaign while DOJ asks Supreme Court to force NYT's James Risen to jail Trevor Timm at 5:31 pm Fri, Apr 25, 2014 http://boingboing.net/2014/04/25/state-dept-launches-free-the.html The US State Department announced the launch of its third annual "Free the Press" campaign today, which will purportedly highlight "journalists or media outlets that are censored, attacked, threatened, or otherwise oppressed because of their reporting." A noble mission for sure. 
But maybe they should kick off the campaign by criticizing their own Justice Department, which on the very same day, has asked the Supreme Court to help them force Pulitzer Prize winning New York Times reporter James Risen into jail. Politico's Josh Gerstein reports that the Justice Department filed a legal brief today urging the Supreme Court to reject Risen's petition to hear his reporter's privilege case, in which the Fourth Circuit ruled earlier this year that James Risen (and all journalists) can be forced to testify against their sources without any regard to the confidentiality required by their profession. This flies in the face of common law precedent all over the country, as well as the clear district court reasoning in Risen's case in 2012. (The government's Supreme Court brief can be read here.) Associated Press reporter Matthew Lee commendably grilled the State Department spokesman about the contradiction of its press freedom campaign and the James Risen case at today's briefing on the State Department initiative, repeatedly asking if the government considers press freedom issues in the United States the same way it does abroad. The full transcript is below. As Gerstein noted, "The Justice Department brief is unflinchingly hostile to the idea of the Supreme Court creating or finding protections for journalists," and if the Justice Department succeeds "it could place President Barack Obama in the awkward position of presiding over the jailing of a journalist in an administration the president has vowed to make the most transparent in history." The government does mention it is working with Congress to craft a reporter's shield bill, which should give you some indication that the proposed bill is at best a watered-down, toothless version of what many courts have offered journalists for decades, and that would be no help to James Risen – the exact type of reporter that we should be attempting to protect the most. 
It's important to remember that in Risen's case, the government has previously analogized reporter's privilege to a criminal receiving drugs from someone and refusing to testify about it. We'll have more on both the shield law and the Risen case soon, but it's clear that the US government still refuses to walk the walk when providing journalists the protections it says it believes in. Oh, and while we're on the subject, maybe the State Department can use its "Free the Press" campaign to put pressure on one of its staunchest allies, the United Kingdom, which is using terrorism laws to suppress acts of journalism – something the State Department has condemned many times in the past. Here's the full interaction between the AP's Matthew Lee and the State Department spokesperson Jennifer Psaki on James Risen and US press freedom at today's State Department briefing: JENNIFER PSAKI: One more announcement for all of you: With World Press Freedom Day around the world on May 3rd, the department will launch its third annual Free the Press campaign later this afternoon in New York at the U.S. U.N. mission. Beginning on Monday and all of next week, we will highlight emblematic cases of imperiled reporters and media outlets that have been targeted, oppressed, imprisoned or otherwise harassed because of their professional work. The first two cases will be announced by Assistant Secretary -- Assistant Secretary Tom Malinowski later at the -- at U.S. U.N. And we invite you of course to follow Tom at Twitter, who has -- on Twitter who, as you all know, was just confirmed several weeks, @Malinowski and to keep up with human rights issues on DRL's website. With that -- Q: Sure. Just on that, reporters who are, what, harassed? I'm sorry -- MS. PSAKI: Targeted, oppressed, imprisoned or otherwise harassed. Q: Otherwise harassed. Does that include those who may have been targeted, harassed, imprisoned and otherwise whatever by the United States government? MS. PSAKI: I'm -- Q: No? MS. 
PSAKI: I think you're familiar with our Free the Press campaign, Matt, but -- Q: Fair enough. So it does not include those who might have been harassed by -- MS. PSAKI: We highlight, as we often do, where we see issues with media freedom around the world. Q: Right, I understand. But you would say that you don't -- the U.S. does not believe that it has a problem with press freedom, or if it does, that it's not nearly as severe as the problems in other countries. MS. PSAKI: We do not. I think we can look at many of the problems -- On media press freedom? Oh. Go ahead. And then we'll go to you, (Paul ?). Did you have another question on media press freedom, or -- ... Q: If I could just go back to the overall, in general, the administration does not regard attempting to prosecute American journalists as an infringement of press freedom? MS. PSAKI: I'm not sure which case you're -- what you're referring to. Q: Well, there's several cases that are out there right now. The one that comes -- springs to mind is the James Risen case, where the Justice Department is attempting to prosecute. I just want to be clear. I'm not trying to -- MS. PSAKI: Well, Matt, I -- Q: I just want to know if you regard that as an infringement on press freedom or not. And I suspect that you do not, but I want to make sure that that's the case. MS. PSAKI: As you know, and I'll, of course, refer to the Department of Justice, but the leaking of classified information is in a separate category. What we're talking about here, as you all know and unfortunately we have talk about on a regular basis here, is the targeting of journalists, the arrests, the imprisonment for simply exercising their ability to tell the story. Q: Right. I understand that. And we're all, I'm sure, myself and all my colleagues, we're very appreciative of that. But the reporters in question here have not leaked the information; they simply published it. 
So is it correct, then, that you don't believe -- you don't regard that as an infringement of press freedom? MS. PSAKI: We don't. I don't have anything more to say on that case. Q: OK. MS. PSAKI: Do we have a new topic? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Apr 26 09:49:40 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Apr 2014 10:49:40 -0400 Subject: [Infowarrior] - How We Read a NYTimes Story on Drone Strikes in Yemen Message-ID: Excellent parsing of MSM reporting. -rick How We Read a NYTimes Story on Drone Strikes in Yemen By Ryan Goodman and Sarah Knuckey Wednesday, April 23, 2014 at 8:03 AM http://justsecurity.org/2014/04/23/read-nytimes-story-drone-strikes-yemen/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Apr 26 09:51:04 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Apr 2014 10:51:04 -0400 Subject: [Infowarrior] - DC thinks it can silence a new Snowden, but the anti-leak hypocrisy is backfiring Message-ID: <170AD031-0FC6-4606-A560-ED5F02003182@infowarrior.org> DC thinks it can silence a new Snowden, but the anti-leak hypocrisy is backfiring The Obama administration's latest secrecy guidelines would make Deep Throat spin in his grave. Good thing the floodgates are about to open on drones • Trevor Timm • theguardian.com, Saturday 26 April 2014 07.30 EDT http://www.theguardian.com/commentisfree/2014/apr/26/new-snowden-obama-administration-anti-leak-guidelines After Edward Snowden caught the US government with its pants down, you would think the keepers of this country's secrets might stand up for a little more transparency, not bend over backwards trying to control the message. Instead, this week we found out the Most Transparent Administration in American History™ has implemented a new anti-press policy that would make Richard Nixon blush. 
National intelligence director James Clapper, the man caught lying to Congress from an "unauthorized" leak by Snowden, issued a directive to the employees of all 17 intelligence agencies barring all employees from any "unauthorized" contact with the press. The underappreciated Steven Aftergood, of the Federation of American Scientists, first reported the story on his indispensable blog on government secrecy, but it was quickly picked up by major outlets under very ominous headlines. Even the Washington Post's editorial board, which once bizarrely called on its own reporters to stop the Snowden leaks that eventually led to the Post sharing the Pulitzer Prize, harshly criticized the new rules, writing that "Clapper's directive works in the opposite direction of what is needed" and "will lead to more isolation and suspicion." Employees can now lose their jobs, security clearances and, essentially, their careers for "unauthorized" contact – even routine calls or Mayflower Hotel drinks about unclassified topics that couldn't possibly pose a threat to national security. That will inevitably leave journalists in the cold when trying to explain complex government policies, top-secret or not, especially since the official explanations so often leave a lot to be desired. If you're an intelligence official, attempting to explain public policy to a journalist may now be tantamount to a crime. As Aftergood declared, "Henceforward, the only news about intelligence is to be authorized news." Instead of allowing the press to report the facts, the government is trying to build something resembling a propaganda machine. Want an example of what our front-page, "authorized"-only news might look like from now on? Check out Just Security's excellent paragraph-by-paragraph annotation of the New York Times report this week on recent drone strikes in Yemen, where dozens of people have been killed. 
All we have are seemingly "authorized" but anonymous sources spouting the government's party line, with absolutely no way to back up their claims. At the same time, the government is trying to cut off any protections journalists may have left from protecting any unauthorized sources that may slip through the cracks. On Friday, the Justice Department urged the US supreme court to reject New York Times reporter James Risen's petition to hear his important reporter's privilege case, which could force him to go to jail rather than give up his source. But while the government is intent on shutting down anything but its own PR campaign from permeating the day's news, a floodgate in the anti-leak plan simultaneously has opened up in another significant – but, again, underappreciated – case. Thanks to an order from the Second Circuit Court of Appeals, the administration will finally be forced to make public one of its many secret legal opinions by the Justice Department's Office of Legal Counsel (OLC) justifying the extrajudicial killing of Americans overseas with drone strikes. Why is the government being forced to come clean, after so long, on at least part of its covert assassination program? Ironically, the three-judge panel cited, as a main reason to declassify the opinion, the Obama administration's own strategy of talking to the press about secret policy – the strategy that suits its own message. These kinds of "authorized" leaks are used for PR purposes, and they flow steadily and conveniently from the White House – including a 16-page white paper on the legal interpretation of drones strike dropped off to NBC News under pressure last year as a kind of unspoken trade-off for the full opinion. 
The Times won the new Freedom of Information Act (FOIA) case on drones along with the ACLU, and the paper's editorial board called the administration's latest claims "self-serving and duplicitous," going on to say "the administration has shown itself to be more interested with its public relations crusade than with being open and honest with the American people about significant acts carried out in their name." The truth-about-drones opinion has the potential to force the administration to come clean on a variety of policies, but don't expect them to do any of that anytime soon. This week, the OLC released a list of 2013 unclassified legal opinions to the Huffington Post's Ryan Reilly in response to his own FOIA request. The subjects of all but one were blacked out: List of all 10 unclassified opinions authored by #DOJ's Office of Legal Counsel in 2013. #FOIA pic.twitter.com/o2tHIV8Jjo – Ryan J. Reilly (@ryanjreilly) April 24, 2014 You'll notice something over almost every blacked-out line in that photo: the b(5) exemption to the Freedom of Information Act, the bane of lawyers and FOIA nerds, which can more accurately be described as the "withhold it because we want to" exemption. It's been the subject to critical Congressional testimony and a blistering investigation from National Security Archive of the many times the government has used the exemption to black out embarrassing details, fraud or illegality – only to have the uncensored documents leak to the press, steadily and conveniently, at a later date. It's an exemption that the Obama administration once promised to curtail. Like many of its promises, the government took the opposite route. In 2013, according to a recent study by the Associated Press, the Obama administration invoked the "withhold it because we want to" exemption a record 81,752 times. But it's also one of the exemptions the Second Circuit rejected this week. 
Coupled with recent court orders in recent Freedom of Information Act cases over NSA surveillance and the promising "magistrate's revolt", in which lower level judges rejecting the Justice Department's broad requests for data and calling for more transparency, it's possible the Snowden Effect has reached the judiciary, just as the executive branch tries to shut down any vestige of candor within its own secretive ranks. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Apr 27 16:28:48 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Apr 2014 17:28:48 -0400 Subject: [Infowarrior] - Vuln Found in Every Version of Internet Explorer Message-ID: Microsoft Security Advisory 2963983 Vulnerability in Internet Explorer Could Allow Remote Code Execution Published: April 26, 2014 Version: 1.0 Executive Summary Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. 
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections. Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software. < - > https://technet.microsoft.com/en-us/library/security/2963983.aspx --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 28 15:50:33 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Apr 2014 16:50:33 -0400 Subject: [Infowarrior] - Video: Keith Alexander interview by John Oliver Message-ID: Last Week Tonight With John Oliver: General Keith Alexander http://www.youtube.com/watch?v=k8lJ85pfb_E --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 28 15:51:01 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Apr 2014 16:51:01 -0400 Subject: [Infowarrior] - Fwd: Banks To Pay Microsoft $100m each to Support Outdated Windows XP-based ATMS References: <201404281844.s3SIiuDi026018@synergy.ecn.purdue.edu> Message-ID: <3342A91A-951C-45F2-99CC-66C119D771E2@infowarrior.org> > From: Joe > http://www.techweez.com/2014/03/17/banks-paying-to-support-atms-running-windows-xp/ > > Microsoft has put deadline to the Windows XP support set to end on April 8th 2014. Among those hardest hit by this > move are the major banks in the US and UK and their global subsidiaries whose ATMs are still running on the 12 > year-old operating system. 
Around 95 percent of ATMs in the world are still running on Windows XP according to ATM > machine maker NCR but only a third of banks will upgrade their ATMs to a newer OS before official XP support ends on > April 8th, leaving many institutions little choice but to pay Microsoft for an extended contract if they still want > support. > > ... > From rforno at infowarrior.org Mon Apr 28 15:51:16 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Apr 2014 16:51:16 -0400 Subject: [Infowarrior] - Fwd: New U.S. Stealth Jet Can't Hide From Russian Radar References: <201404281849.s3SIn4Z5026197@synergy.ecn.purdue.edu> Message-ID: <796922F4-4BB2-4267-9196-3D835B0FA09E@infowarrior.org> Begin forwarded message: > From: Joe > > http://www.thedailybeast.com/articles/2014/04/28/new-u-s-stealth-jet-can-t-hide-from-russian-radar.html > > America's gazillion-dollar Joint Strike Fighter is supposed to go virtually unseen when flying over enemy turf. But > that's not how things are working out. > > The F-35 Joint Strike Fighter – the jet that the Pentagon is counting on to be the stealthy future of its tactical > aircraft – is having all sorts of shortcomings. But the most serious may be that the JSF is not, in fact, stealthy in > the eyes of a growing number of Russian and Chinese radars. Nor is it particularly good at jamming enemy radar. Which > means the Defense Department is committing hundreds of billions of dollars to a fighter that will need the help of > specialized jamming aircraft that protect non-stealthy – "radar-shiny," as some insiders call them – aircraft today. > > ... 
> From rforno at infowarrior.org Mon Apr 28 20:36:45 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Apr 2014 21:36:45 -0400 Subject: [Infowarrior] - US senators remove requirement for disclosure over drone strike victims Message-ID: US senators remove requirement for disclosure over drone strike victims • Bill had called for disclosure of 'noncombatant civilians' killed • 
Director of National Intelligence gives assurances to Senate • Spencer Ackerman in New York • theguardian.com, Monday 28 April 2014 18.28 EDT At the behest of the director of national intelligence, US senators have removed a provision from a major intelligence bill that would require the president to publicly disclose information about drone strikes and their victims. The bill authorizing intelligence operations in fiscal 2014 passed out of the Senate intelligence committee in November, and it originally required the president to issue an annual public report clarifying the total number of "combatants" and "noncombatant civilians" killed or injured by drone strikes in the previous year. It did not require the White House to disclose the total number of strikes worldwide. But the Guardian has confirmed that Senate leaders have removed the language as they prepare to bring the bill to the floor for a vote, after the director of national intelligence, James Clapper, assured them in a recent letter that the Obama administration was looking for its own ways to disclose more about its highly controversial drone strikes. "The executive branch is currently exploring ways in which it can provide the American people more information about the United States' use of force outside areas of active hostilities," Clapper wrote to the leaders of the Senate committee, Democrat Dianne Feinstein of California and Republican Saxby Chambliss of Georgia, on 18 April. "To be meaningful to the public, any report including the information described above would require context and be drafted carefully so as to protect against the disclosure of intelligence sources and methods or other classified information. … We are confident we can find a reporting structure that provides the American people additional information to inform their understanding of important government operations to protect our nation, while preserving the ability to continue those operations," Clapper continued. 
< - > http://www.theguardian.com/world/2014/apr/28/drone-civilian-casualties-senate-bill-feinstein-clapper --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 29 06:54:45 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Apr 2014 07:54:45 -0400 Subject: [Infowarrior] - Meet TISA: Another Major Treaty Negotiated In Secret Alongside TPP And TTIP Message-ID: Meet TISA: Another Major Treaty Negotiated In Secret Alongside TPP And TTIP http://www.techdirt.com/articles/20140428/10593427051/meet-tisa-another-major-treaty-negotiated-secret-alongside-tpp-ttip.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 29 14:14:23 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Apr 2014 15:14:23 -0400 Subject: [Infowarrior] - CISPA 3.0 revealed Message-ID: <341CC649-C963-4E4F-9B00-B3C8FE4FECCF@infowarrior.org> CISPA Take 3: Feinstein & Chambliss Draft Another Cybersecurity Bill, Designed To Wipe Out Your Privacy http://www.techdirt.com/articles/20140429/07203227062/cispa-take-3-sens-feinstein-chambliss-draft-another-cybersecurity-bill-with-weak-privacy-protections-expansive-data-sharing.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Apr 29 14:14:27 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Apr 2014 15:14:27 -0400 Subject: [Infowarrior] - Senate intelligence panel leaders draft cyber legislation Message-ID: Senate intelligence panel leaders draft cyber legislation By Ellen Nakashima http://www.washingtonpost.com/world/national-security/senate-intelligence-panel-leaders-draft-cyber-legislation/2014/04/28/fe7387bc-cf03-11e3-a6b1-45c4dffb85a6_print.html Members of the Senate Intelligence Committee are drafting cyber legislation that would enable companies to share threat data with federal agencies without fear of getting sued, officials said Monday. Efforts to move comprehensive legislation in this area have failed in recent years, with a bill to establish security standards and ease data sharing going down to defeat in 2012. Recent disclosures about ties between the National Security Agency and telecommunications firms have made it even more difficult to advance legislation that would call for the sharing of data between the government and the private sector. The House has twice passed information-sharing-only bills – most recently last year – but the Senate has not been able to reach a consensus on the issue. Still, senior intelligence and military officials recently have renewed calls for legislative action, citing the threat of cyberattacks. The new, 39-page draft bill, written by Sen. Dianne Feinstein (D-Calif.), chairman of the intelligence committee, and Sen. Saxby Chambliss (Ga.), the ranking Republican, states that no lawsuit may be brought against a company for sharing threat data with "any other entity or the federal government" to prevent, investigate or mitigate a cyberattack. Protection from lawsuits has been a key demand from industry officials and a point of contention for privacy advocates, who have argued that such an exemption could expose consumers' 
data to potential government abuse or even encourage firms that have been hacked to go on the offensive. In 2012, the advocates persuaded the committee to specify that the threat data could be shared only with a civilian agency. But the new draft leaves open the possibility that data could be sent directly to military or intelligence agencies. The bill is prompting objections from civil liberties advocates, who say the legislation in its current form is too sweeping. "This is definitely a step back," said Gabe Rottman, legislative counsel and policy adviser for the American Civil Liberties Union, who was shown a copy of the draft. "The problem is the definitions of what can be shared and who it can be shared with are too broad. In this draft, companies can share data with the military and the NSA. Given the past revelations, I think it's important to keep this information in civilian hands." A committee aide said staff members were seeking comment so that senators can consider revisions before any formal consideration of the legislation. The bill also would enable the government to share cyberthreat data with industry. The draft states that information may be shared that "indicates, describes or is necessary" to identify a software vulnerability, computer intrusion or attack. Although it says that personal information should be stripped out before the data are passed on to the government, if the personal information is not "directly related" to the attack, the looseness of the language and the real-time nature of data sharing leave room for error, privacy advocates said. They also expressed concern that the data could be used not just for cybersecurity but also for foreign intelligence, counterintelligence or law enforcement aims. Adm. Michael S. Rogers, the director of the NSA and head of the U.S. Cyber Command, said at his confirmation hearing in March that liability protection was "a critical element" of any cyber bill. 
Rogers, who was confirmed March 31, said such legislation "is a key for our future." © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 29 17:20:53 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Apr 2014 18:20:53 -0400 Subject: [Infowarrior] - Springtime for CISPA Message-ID: Springtime for CISPA By Richard Forno on April 29, 2014 at 12:55 pm https://cyberlaw.stanford.edu/blog/2014/04/springtime-cispa Spring is here. The flowers are in bloom, the days are longer, and Congress queues up for another legislative proposal to 'address' cybersecurity in the United States. Yes -- springtime is CISPA-time. Last year, on April 18, 2013, I discussed the "Cybersecurity Information Sharing and Protection Act" (CISPA) as it moved through the US House. (And thankfully failed.) Today, on April 29, 2014, I am reporting that a draft version of what already is being considered CISPA 3.0 (PDF) now is floating around the US Senate -- although perhaps this should be considered 'Son of CISPA' as it drops the "P" and now is called the "Cybersecurity Information Sharing Act of 2014." Upon a very brief initial review, CISPA 3.0 continues the controversial proposal of granting broad immunities (including anti-trust) to technology companies for sharing cybersecurity information with "any other entity or the federal government" even if they do not fix the underlying problems and/or disclose them publicly to customers. 
"Any other entity" is fairly vague, and could range from established organisations like US-CERT and respected commercial security centers to a private administrative entity created exclusively for companies to "report" security information to and gain CISPA 3.0-provided immunities The proposal also takes a very broad view of what information can be shared and with whom -- a concern that previous versions of CISPA and many of the ongoing Snowden revelations confirm are viable privacy concerns for global Internet citizens. However, while some attention is given to address privacy in this proposal, there remains a fair amount of legal flexibility both in its overall interpretation and for exigent circumstances that can render such privacy features moot. Which, of course, are situations that never occur, right? Interestingly, this proposal defines 'countermeasures' as "any action, device, procedure, technique, or other measure that meets or counters a threat, vulnerability, or attack by eliminating or preventing it, or by minimizing the harm it may cause." While I need to re-read the entire proposal again, my initial reaction is to wonder if this could be a precursor to legalising active cybersecurity countermeasures, such as controversial "strikeback" techniques, too. More to follow as it develops. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 29 19:31:35 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Apr 2014 20:31:35 -0400 Subject: [Infowarrior] - Chase Shuts Down Accounts of Adult Entertainers Message-ID: The Morality Police in Your Checking Account: Chase Bank Shuts Down Accounts of Adult Entertainers In the latest example of a troubling trend in which companies play the role of law enforcement and moral police, Chase Bank has shut down the personal bank accounts of hundreds of adult entertainers. 
We've written before about the dire consequences to online speech when service providers start acting like content police. These same consequences are applicable when financial services make decisions about to whom they provide services. Just as ISPs and search engines can become weak links for digital speech, too often financial service providers are pressured by the government to shut down speech or punish speakers who would otherwise be protected by the First Amendment. It's unclear whether this is an example of government pressure, an internal corporate decision, or some combination. Chase has yet to give an official statement on why the accounts are being closed. At least one of the customers affected by Chase's decision to shut down adult entertainers' accounts, Teagan Presley, was told by Chase that her account was being shut down "because she's considered 'high risk.'" According to NY Daily News, her husband Joshua Lehman (whose account is also being closed) reports receiving conflicting information from Chase about why the accounts were being shut down...

< - >

https://www.eff.org/deeplinks/2014/04/moral-police-your-checking-account-chase-bank-shuts-down-accounts-adult

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 30 06:21:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2014 07:21:56 -0400
Subject: [Infowarrior] - FBI Keeps Internet Flaws Secret to Defend Against Hackers
Message-ID: <173C803C-53B9-400F-846C-6EB9CAA9F6C3@infowarrior.org>

FBI Keeps Internet Flaws Secret to Defend Against Hackers
By Chris Strohm and Michael Riley
Apr 30, 2014 12:00 AM ET
http://www.bloomberg.com/news/2014-04-30/fbi-keeps-internet-flaws-secret-to-defend-against-hackers.html

The Obama administration is letting law enforcement keep computer-security flaws secret in order to further U.S. investigations of cyberspies and hackers.
The White House has carved out an exception for the Federal Bureau of Investigation and other agencies to keep information about software vulnerabilities from manufacturers and the public. Until now, most debate has focused on how the National Security Agency stockpiles and uses new-found Internet weaknesses, known as zero-day exploits, for offensive purposes, such as attacking the networks of adversaries. The law enforcement operations expose a delicate and complicated balancing act when it comes to agencies using serious security flaws in investigations versus disclosing them to protect all Internet users, according to former government officials and privacy advocates. "You might have a bad guy using a zero-day to attack a nuclear facility," Steven Chabinsky, a former deputy assistant director in the FBI's cybersecurity division, said in a phone interview. "The FBI doesn't disclose that vulnerability because they don't want to tip their hand." President Barack Obama's administration is grappling with how to use Internet flaws for offensive and defensive purposes, and when they should be disclosed to software manufacturers or the public in order to be fixed. The debate became public after disclosures by Edward Snowden about NSA spying and intensified over questions whether the agency knew about the Heartbleed bug and kept it silent, which the government has denied.

Investigative Need

Computer flaws that are unknown to software and hardware developers are referred to as zero-day, a reference to there having been no time yet to correct the vulnerabilities. When the Obama administration said April 11 that the U.S. government should disclose zero-day used in cyberspying, it left two exceptions including one for clear "law enforcement need." While the FBI doesn't use zero-day, it does conduct extensive counter counterespionage, secretly watching the hackers of other nations as they attack U.S.
computer networks, Chabinsky and other former agency cybersecurity officials said. Some of those investigations can go on for years, which means U.S. law enforcement may leave global users of the Internet vulnerable for lengthy periods. In that role, the bureau can see zero-day exploits being used by attackers, said Chabinsky, who is now an executive with the computer-security company CrowdStrike Inc. based in Laguna Niguel, California. Law enforcement agencies should find ways to disclose zero-day flaws so they can be fixed and only keep them secret under extreme scenarios such as when it's necessary to prevent the loss of lives, Jeremy Gillula, a staff technologist with the Electronic Frontier Foundation based in San Francisco, said in a phone interview.

Public Disclosure

"The default should be to disclose," Gillula said. "If it's super important intelligence and the vulnerability isn't much of a risk to the core Internet infrastructure, then maybe they could consider not disclosing it right away. I would say those scenarios are few and far between." The Obama administration also should release more details about its policy for keeping the flaws secret, Gillula said. "We're not asking them to disclose the specifics of any particular investigation," he said. "It's the same way that it's useful to know when the police have the authority to go get a warrant." Whenever the FBI receives and identifies credible intelligence about a computer vulnerability, it will "work proactively with other government agencies and private sector partners to mitigate such gaps and prevent crimes from occurring," the bureau said in an e-mailed statement.

'Crucial Intelligence'
Disclosing a computer vulnerability could mean losing "an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks," Michael Daniel, the White House cybersecurity coordinator, said in an April 28 blog. "Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest," he said. "But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long-run," Daniel said. "Weighing these tradeoffs is not easy, and so we have established principles to guide agency decision-making in this area."

FBI Hacking

The administration has established "a disciplined, rigorous and high-level decision-making process" in deciding whether to disclose flaws, although "there are no hard and fast rules," Daniel said. Questions Daniel said he would want answered include how important a vulnerable system is to core Internet infrastructure or the U.S. economy, and could the flaw be used for a short period of time before it's disclosed. The FBI also hacks into computers and networks of adversaries using what are known as remote access operations coordinated by a team at the bureau's facility in Quantico, Virginia, said a former government official. Most of the malware and computer exploits used are available for purchase online and the operations are authorized by warrants specifying devices targeted, the official said in a phone interview.

Privacy Concern

Chabinsky said zero-day flaws developed by the U.S. are considered classified and "there is no situation that I can imagine when the intelligence community would allow a classified tool to be used in a criminal investigation."
The FBI has agents attached to NSA's elite hacking units, a national security source has said. If those units detect an attack from outside the U.S., FBI liaisons can track possible targets on U.S. soil, which the NSA is prevented from doing, Chabinsky said. The potential for law enforcement agencies to find and exploit zero-day flaws raises serious privacy and policy concerns, said Michael German, a fellow at the Brennan Center for Justice at the New York University School of Law. "Certainly it appears inappropriate for a government agency responsible for all of our security to allow a security vulnerability to exist," German, a former FBI agent, said in a phone interview. Another concern is that other government agencies, like the Drug Enforcement Administration, Secret Service or state and local law enforcement, will obtain the capacity to exploit secret security gaps, Christopher Soghoian, principal technologist for the American Civil Liberties Union, said in a phone interview. Agencies may mistakenly send malware to the computers of innocent users, with the potential to disrupt networks that operate power grids, banks or other critical infrastructure, Soghoian and German said. "It's something that fundamentally threatens the security of the Internet," Soghoian said. "It's a technique that puts the public at risk."

To contact the reporters on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net; Michael Riley in Washington at michaelriley at bloomberg.net
To contact the editors responsible for this story: Winnie O'Kelley at wokelley at bloomberg.net Elizabeth Wasserman, Romaine Bostick

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Apr 30 06:27:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2014 07:27:58 -0400
Subject: [Infowarrior] - Google Stops Scanning Student Gmail Accounts for Ads
Message-ID: <67A4FF13-727D-4E49-8899-82767F6D8895@infowarrior.org>

Google Stops Scanning Student Gmail Accounts for Ads
By ALISTAIR BARR
http://blogs.wsj.com/digits/2014/04/30/google-stops-scanning-student-gmail-accounts-for-ads/

Google said Wednesday that it stopped scanning student Gmail accounts for advertising purposes after the practice was scrutinized during a recent court case. Google Apps for Education, a free service used by more than 30 million students, teachers and administrators, offers Gmail email accounts, as well as calendars, cloud storage and document creation. Google didn't place ads inside the apps, which it offered to educational institutions since 2006. However, the company continued to scan the contents of students' Gmail accounts, gathering information that could potentially have been used to target ads to those students elsewhere online. Google's move marked the second time in as many weeks that privacy concerns prompted changes at a maker of education software. InBloom, a nonprofit that managed and stored data about school students, said last week it was shutting down over concerns about the way it collected and shared data. InBloom was partly financed by Microsoft co-Founder Bill Gates' charity the Bill and Melinda Gates Foundation. Students and other Gmail users sued Google last year in California, claiming the email scanning violated wiretap laws. During the litigation, Google said that it scanned emails sent and received by students who attend schools that use Apps for Education. Education Week magazine reported that such activity may violate the Family Educational Rights and Privacy Act, a law that protects educational records.
Bram Bout, director of Google for Education, said the company will no longer scan Gmail in Apps for Education, and won't collect or use student data from Apps for Education for advertising purposes. Google is making similar changes to its Apps services for businesses and government users, Bout said. Google competes against Microsoft and others in the $8 billion market for software for elementary and secondary schools, according to the Software & Information Industry Association.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 30 07:25:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2014 08:25:58 -0400
Subject: [Infowarrior] - UK: Stop and search powers to be reviewed
Message-ID: <1ECF8B55-2002-466A-9230-4F4D607DD4E0@infowarrior.org>

30 April 2014 Last updated at 08:21 ET
Stop and search powers to be reviewed
http://www.bbc.com/news/uk-27224887

Theresa May said stop and search was counterproductive when misused

Police stop and search powers are to be overhauled with a revised code of conduct, the home secretary has said. Theresa May said while stop and search was an important police power, when misused it could be "counterproductive" and an "enormous waste of police time". She said the number of stop and searches should come down. If it did not, Mrs May said she would introduce legislation to enforce new measures. An inquiry found that a quarter of stop and searches may have been illegal. The probe by Her Majesty's Inspectorate of Constabulary also found that more than half of all police forces in England and Wales were ignoring some rules on stop and search.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 30 09:35:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2014 10:35:50 -0400
Subject: [Infowarrior] - New Bill Requires Voice of America to Toe U.S.
Line
Message-ID: <702BB468-9829-4D97-86D7-5357D8DB6C34@infowarrior.org>

(c/o BL)

New Bill Requires Voice of America to Toe U.S. Line
BY JOHN HUDSON // APRIL 29, 2014 - 11:20 AM
http://thecable.foreignpolicy.com/posts/2014/04/29/exclusive_new_bill_requires_voice_of_america_to_toe_us_line

A powerful pair of lawmakers in the House of Representatives have agreed on major legislation to overhaul Voice of America and other government-funded broadcasting outlets that could have implications for the broadcaster's editorial independence, Foreign Policy has learned. The new legislation tweaks the language of VOA's mission to explicitly outline the organization's role in supporting U.S. "public diplomacy" and the "policies" of the United States government, a move that would settle a long-running dispute within the federal government about whether VOA should function as a neutral news organization rather than a messaging tool of Washington. "It is time for broad reforms; now more than ever, U.S. international broadcasts must be effective," said Rep. Ed Royce (R-CA), the chairman of the House Foreign Affairs Committee, in a statement. The bill is the result of a year's worth of negotiations between Democrats and Republicans working hand-in-glove with their counterparts in the Senate Foreign Relations Committee. It has the support of the committee's most senior Democrat, New York Congressman Eliot Engel, and will get a vote on Wednesday in the committee. Corresponding bipartisan legislation is currently in the works in the Senate. Besides clarifying VOA's mission, the bill reorganizes the federal agency responsible for supervising U.S.-funded media outlets, the Broadcasting Board of Governors. Instead of being led by a group of part-time board members, the bill establishes a full-time, day-to-day agency head.
It also consolidates Radio Free Europe, Radio Free Asia and the Middle East Broadcasting Network -- other foreign-facing broadcast outlets -- into a single non-federal organization, and aims to save costs by downsizing the number of federal contractors at the outlets in the years to come. Within VOA, the proposed reforms to its mission may prove the most controversial. Founded in 1942 as a part of the Office of War Information, the VOA was originally tasked with countering Japanese and Nazi propaganda. In the 1950s, it moved to the State Department and the U.S. Information Agency where it focused its efforts on countering Communist propaganda. In later years, VOA concentrated on providing news to individuals living in repressive regimes. In 1976, President Gerald Ford signed its principles into law, emphasizing VOA's mission as an "accurate, objective, and comprehensive" source of news, as opposed to a propaganda outlet. For many years since then, employees at the TV and radio broadcaster have insisted on viewing themselves as objective journalists as opposed to instruments of American foreign policy. On some rare occasions, that sense of independence has resulted in news stories that depict the United States in a less than favorable light. "The Persian News Network of Voice of America has been documented to show anti-American bias," the conservative Heritage Foundation alleged in a policy brief this month. Such instances have led congressional overseers to wonder why they're spending hundreds of millions of dollars on a news outlet without a more explicitly pro-American editorial focus. "This legislation makes clear that the Voice of America mission is to support U.S. public diplomacy efforts," reads a summary of the new bill. "The VOA charter states that VOA will provide a 'clear and effective presentation of the policies of the United States ... Over time, VOA has abandoned this mission."
Lynne Weil, a spokesperson for the BBG, declined to weigh in on the proposal. "The agency does not comment on pending legislation," she said. The timing of the bill comes as the crisis in Ukraine has prompted a renewed information war between Washington and Moscow. In recent weeks, the Kremlin has put its TV network RT into overdrive to castigate Western involvement in Ukraine and denounce the Kiev government as right-wing fascists. Meanwhile, Congress passed a bill last month providing more authority to VOA and RFE/RL to expand broadcasting into Ukraine and eastern Europe. The BBG's budget request for fiscal year 2015 is $721 million. A copy of the bill appears below:

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 30 09:58:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2014 10:58:20 -0400
Subject: [Infowarrior] - BASIC turns 50
Message-ID:

(Yes, I am one of those who grew up doing amazing things w/ and learning from BASIC in the '80s. Ahh, memories! --rick)

Baby we were born to RUN: celebrating 50 years of Basic

Created 50 years ago, the computing language Basic played a crucial role in teaching people to code and led to the democratisation of personal computing in the 1980s

http://www.theguardian.com/education/2014/apr/30/celebrating-50-years-of-basic

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.